Lucene search
K

41 matches found

NVD
NVD
added 2026/06/15 9:17 p.m.9 views

CVE-2026-45437

Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...

7.1CVSS0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:45 a.m.6 views

CVE-2026-5820

The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...

6.4CVSS5.9AI score0.00227EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/05 6:30 a.m.4 views

EUVD-2026-9624

Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bakery Autoresponder Addon: from n/a through = 1.0.6...

5.9AI score0.00242EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 6:16 a.m.6 views

CVE-2026-27363

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Stored XSS.This issue affects WP Bakery Autoresponder Addon: from n/a through = 1.0.6...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 5:53 a.m.8 views

CVE-2026-27362

CVE-2026-27362 concerns a missing/broken authorization vulnerability in the WordPress plugin WP Bakery Autoresponder Addon (vc-autoresponder-addon). Affected versions are up to 1.0.6 (

6.5CVSS5.9AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.10 views

CVE-2026-24950

Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Authorsy: from n/a through = 1.0.6...

7.5CVSS0.0025EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 3:47 p.m.4 views

CVE-2026-24950

Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Authorsy: from n/a through = 1.0.6...

7.5CVSS5.4AI score0.0025EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.3 views

CVE-2026-25393 WordPress Hello FSE theme <= 1.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in sparklewpthemes Hello FSE hello-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE: from n/a through = 1.0.6...

4.3CVSS5.5AI score0.00185EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.1 views

CVE-2026-25394 WordPress Fitness FSE theme <= 1.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through = 1.0.6...

4.3CVSS5.5AI score0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.9 views

PT-2026-20642

The Dealia – Request a quote plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple AJAX handlers in all versions up to, and including, 1.0.6. The admin nonce DEALIA ADMIN NONCE is exposed to all users with edit posts capability...

4.3CVSS5.5AI score0.00208EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/01/30 2:24 p.m.5 views

WordPress Fitness FSE theme <= 1.0.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Theme Fitness FSE versions = 1.0.6...

4.3CVSS5.4AI score0.00185EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/01/23 3:16 p.m.9 views

CVE-2026-24591

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.This issue affects Turn Yoast SEO FAQ Block to Accordion: from n/a through = 1.0.6...

6.5CVSS0.00204EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:16 p.m.4 views

CVE-2025-69190

Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through = 1.0.6...

7.3CVSS0.00219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 4:52 p.m.2 views

CVE-2025-69190 WordPress Listihub theme <= 1.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through = 1.0.6...

7.3CVSS5.9AI score0.00219EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:52 p.m.2 views

CVE-2025-69190

Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through = 1.0.6...

7.3CVSS5.2AI score0.00219EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/01/06 11:10 p.m.6 views

WordPress Reviewify plugin <= 1.0.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary WooCommerce Coupon Creation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Reviewify versions = 1.0.6...

7.5CVSS6.8AI score0.0039EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/31 11:59 a.m.25 views

CVE-2025-62749 WordPress User Specific Content plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bainternet User Specific Content user-specific-content allows DOM-Based XSS.This issue affects User Specific Content: from n/a through = 1.0.6...

6.5CVSS0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 10:3 a.m.4 views

CVE-2025-68085

Missing Authorization vulnerability in merkulove Buttoner for Elementor buttoner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Buttoner for Elementor: from n/a through = 1.0.6...

5.4CVSS7AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 10:3 a.m.4 views

CVE-2025-68087

Missing Authorization vulnerability in merkulove Modalier for Elementor modalier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modalier for Elementor: from n/a through = 1.0.6...

5.4CVSS7AI score0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 9:31 a.m.13 views

EUVD-2025-203532

Missing Authorization vulnerability in merkulove Modalier for Elementor modalier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modalier for Elementor: from n/a through = 1.0.6...

5.4CVSS6.5AI score0.00138EPSS
Exploits0References2
Rows per page
Query Builder