Lucene search
K

800 matches found

Nuclei
Nuclei
added 13 hours ago82 views

WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12. id: CVE-2024-5057 info: name: WordPress Easy Digital Downloads = 3.2.12 - SQL Injecti...

9.8CVSS6.1AI score0.02588EPSS
Exploits0References3
Nuclei
Nuclei
added 13 hours ago126 views

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache- from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache = 5.7 - Unauthenticated Stored XSS...

8.3CVSS6.8AI score0.54872EPSS
Exploits5References3
Nuclei
Nuclei
added 13 hours ago48 views

Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...

7.5CVSS7AI score0.04691EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago21 views

tagDiv Composer < 4.2 - Stored Cross-Site Scripting

tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/savecss endpoint. An attacker can inject malicious JavaScript code through the compiledcss parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...

6.1CVSS6.8AI score0.01582EPSS
Exploits2References2
Patchstack
Patchstack
added 2 days ago7 views

WordPress Booking Package plugin <= 1.7.20 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by PRISM in WordPress Plugin Booking Package versions = 1.7.20...

7.5CVSS6.1AI score0.00481EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 5 days ago10 views

WordPress LoginPress Pro plugin <= 6.2.3 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin LoginPress Pro versions = 6.2.3...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References1Affected Software1
NVD
NVD
added 6 days ago7 views

CVE-2026-0281

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The...

7.1CVSS0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56938

Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a through = 1.1.0...

5.3CVSS6.1AI score0.00293EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/07/06 8:56 a.m.5 views

WordPress CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin <= 2.2.14 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by sterva - Teletronics in WordPress Plugin CURCY versions = 2.2.14...

5.4CVSS6AI score0.00255EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/02 11:15 a.m.7 views

EUVD-2026-41303

Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...

6.5CVSS5.8AI score0.00124EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.23 views

CVE-2026-57671

Technical details are not publicly available in the provided documents. Monitor for updates.

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.38 views

CVE-2026-57359 WordPress ReviewX plugin <= 2.3.10 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in ReviewX = 2.3.10 versions...

7.1CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.17 views

CVE-2026-27426

CVE-2026-27426 affects the WordPress Automotive Car Dealership Business theme

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55038

Name of the Vulnerable Software and Affected Versions ez Form Calculator Premium versions prior to 2.14.1.3 Description The plugin contains a broken access control issue that allows unauthenticated users to bypass authorization restrictions. Recommendations Update to a version newer than 2.14.1.2...

5.3CVSS6AI score0.00184EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-54974

Name of the Vulnerable Software and Affected Versions NativeChurch versions prior to 4.8.8.3 Description An unauthenticated Cross Site Scripting XSS issue exists, allowing attackers to execute malicious scripts without authentication. Recommendations Update NativeChurch to a version newer than...

7.1CVSS6AI score0.0018EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/07/02 12:0 a.m.4 views

WordPress MotoPress Appointment Booking plugin <= 2.4.4 - Unauthenticated Insecure Direct Object Reference to 'payment_details.booking_id' Parameter vulnerability

Unauthenticated Insecure Direct Object Reference to 'paymentdetails.bookingid' Parameter vulnerability discovered by g0wthr in WordPress Plugin MotoPress Appointment Booking versions = 2.4.4...

5.3CVSS5.9AI score0.00342EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/30 9:52 a.m.9 views

WordPress Ajax Load More - Filters plugin <= 3.4.1 - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability

WordPress Ajax Load More - Filters plugin = 3.4.1 - Filters = 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by jonathan dunn in WordPress Plugin Ajax Load More - Filters versions = 3.4.1...

7.2CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/29 1:36 p.m.6 views

EUVD-2026-40107

Unauthenticated Cross Site Scripting XSS in Jobify = 4.3.2 versions...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57630

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-56031

Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...

8.1CVSS0.00317EPSS
Exploits0References1
Rows per page
Query Builder