Lucene search
K

246 matches found

CVE
CVE
added 5 hours ago5 views

CVE-2026-12426

The CVE-2026-12426 affects the WordPress plugin Members – Membership & User Role Editor, up to version 3.2.22. The vulnerability enables unauthenticated attackers to perform sensitive information exposure via the REST API pagination side channel, using the members_filter_protected_posts_for_rest ...

5.3CVSS6.1AI score
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-42881

Capgo before 12.128.2 contains an information disclosure vulnerability in the getorgsv7userid RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles,...

8.7CVSS6.2AI score
Exploits0References2
Nuclei
Nuclei
added yesterday6 views

Gogs < 0.14.3 - Unauthenticated Organization Teams Disclosure

Gogs before version 0.14.3 contains an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint returns all teams for any organization without requiring authentication. The route group lacks the reqToken middleware, exposing team IDs, names, descriptions,...

6.9CVSS5.9AI score0.01553EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday13 views

OpenProject < 12.5.4 - Project Identifiers Exposure

OpenProject versions before 12.5.6 generate a publicly accessible robots.txt file revealing project identifiers, even if the instance is set to 'Login required', letting attackers gather project info, exploit requires no authentication. id: CVE-2023-33960 info: name: OpenProject 12.5.4 - Project...

7.5CVSS7.1AI score0.01268EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday44 views

WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure

WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...

5.3CVSS5.9AI score0.00669EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-11571 Everest Forms < 3.5.0 - Unauthenticated Sensitive Information Exposure via Residual CSV Artifacts

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

0.00256EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago25 views

WordPress AI Engine Plugin - Token Exposure

Unauthenticated sensitive information exposure in AI Engine WordPress plugin = 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled. id: CVE-2025-11749 info: name: WordPress AI Engine Plugin - Token Exposure author: 4m3rr0r severity: critical description: | Unauthenticat...

9.8CVSS7.2AI score0.75063EPSS
Exploits5References2
NVD
NVD
added 2026/07/02 12:17 p.m.8 views

CVE-2026-57753

Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...

5.3CVSS0.00206EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:15 a.m.6 views

EUVD-2026-41309

Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55041

Name of the Vulnerable Software and Affected Versions Kit formerly ConvertKit for WooCommerce versions prior to 2.1.6 Description An unauthenticated sensitive data exposure issue exists in the plugin, allowing unauthorized users to access confidential information without providing credentials...

5.3CVSS5.9AI score0.00206EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 3:16 p.m.10 views

CVE-2026-57664

Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...

4.3CVSS0.00176EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56060

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...

7.5CVSS0.00303EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-54824

Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...

7.5CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-54834

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone = 2.3.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.7 views

EUVD-2026-39669

Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.15 views

CVE-2026-57664

The CVE-2026-57664 entry concerns a vulnerability in the WordPress plugin Bopo – WooCommerce Product Bundle Builder, specifically versions

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.9 views

CVE-2026-57664

Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 2:53 p.m.11 views

CVE-2026-57633

CVE-2026-57633 describes an unauthenticated sensitive data exposure affecting the WordPress plugin WCBoost – Products Compare for versions up to 1.1.0 . The connected sources confirm the affected component and the exposure but do not provide attacker vectors, specific data exposed, root cause det...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.7 views

CVE-2026-57633

Unauthenticated Sensitive Data Exposure in WCBoost - Products Compare = 1.1.0 versions...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 2:52 p.m.7 views

EUVD-2026-39714

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References1
Rows per page
Query Builder