Lucene search
K

49523 matches found

CVE
CVE
added 1 hour ago3 views

CVE-2026-9282

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS6.2AI score
Exploits0References6
CVE
CVE
added 1 hour ago4 views

CVE-2026-9017

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6.1AI score
Exploits0References8
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-43147

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

7.2CVSS6.2AI score
Exploits0References6
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-43148

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook...

8.1CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-43134

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This is due to missing capability checks and nonce verification on AJAX actions registered under both wpajax and wpajaxnopriv hooks, as the base...

5.3CVSS6.1AI score
Exploits0References13
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-43143

The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter form in all versions up to, and including, 1.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS6.1AI score
Exploits0References11
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-43141

The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete all...

5.3CVSS6.1AI score
Exploits0References9
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-43144

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacke...

5.3CVSS6.2AI score
Exploits0References11
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-43125

The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.22 via the membersfilterprotectedpostsforrest. This makes it possible for unauthenticated attackers to extract determine the existence...

5.3CVSS6.1AI score
Exploits0References7
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-43130

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possibl...

7.2CVSS6.2AI score
Exploits0References9
CVE
CVE
added 2 hours ago10 views

CVE-2026-6939

The CVE-2026-6939 entry concerns the CorvusPay WooCommerce Payment Gateway for WordPress. It is vulnerable to Unauthenticated Stored Cross-Site Scripting via the approval_code parameter in all versions up to 2.7.4 due to insufficient input sanitization and output escaping. An unauthenticated REST...

7.2CVSS6.2AI score
Exploits0References11
CVE
CVE
added 2 hours ago5 views

CVE-2026-12994

Technical details are not publicly available in the provided documents. The description summarizes the vulnerability but lacks concrete affected versions, components, and remediation specifics beyond general impact. Monitor for updates.

5.3CVSS6.2AI score
Exploits0References12
CVE
CVE
added 2 hours ago6 views

CVE-2026-4661

The CVE-2026-4661 entry concerns the WordPress plugin WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales (versions up to 2.2.2). The flaw is a time-based blind SQL injection in the fildname parameter, caused by insufficient escaping of user-supplied column names in ajaxCheck() and an inco...

7.5CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43156

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...

5.3CVSS6.2AI score
Exploits0References12
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43157

The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of user-supplied column names in the ajaxCheck method...

7.5CVSS6.1AI score
Exploits0References5
CVE
CVE
added 2 hours ago10 views

CVE-2026-6801

The Context Blog theme for WordPress is affected up to version 1.3.5. The vulnerability is an unauthenticated sensitive information exposure via the context_blog_modal_popup, which can let an attacker retrieve the content of password-protected posts. The root cause is exposure through a postID pa...

5.3CVSS6.1AI score
Exploits0References2
CVE
CVE
added 2 hours ago9 views

CVE-2026-10865

CVE-2026-10865 affects the Cost Calculator Builder plugin for WordPress. The vulnerability exists in all versions up to 4.0.11 and arises from exposure in the template body, allowing unauthenticated attackers to read plaintext payment gateway secrets (Stripe secret key, Razorpay secret key, and P...

5.3CVSS6.1AI score
Exploits0References10
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43153

The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the contextblogmodalpopup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts...

5.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43152

The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the template body. This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal...

5.3CVSS6.1AI score
Exploits0References10
CVE
CVE
added 2 hours ago6 views

CVE-2026-11901

Affected software: WordPress WP Hotel Booking plugin (versions ≤ 2.3.1). Vulnerability: Insufficient Verification of Data Authenticity in the PayPal IPN handler (web_hook_process_paypal_standard). The IPN validation endpoint can be chosen from attacker-controlled test_ipn, permitting force-upgrad...

5.3CVSS6.1AI score
Exploits0References10
Rows per page
Query Builder