Lucene search
K

43 matches found

NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-57633

Unauthenticated Sensitive Data Exposure in WCBoost Products Compare = 1.1.0 versions...

5.3CVSS0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.32 views

CVE-2026-57633 WordPress WCBoost &#8211; Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in WCBoost Products Compare = 1.1.0 versions...

5.3CVSS0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39749

Unauthenticated Sensitive Data Exposure in WCBoost Products Compare = 1.1.0 versions...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.10 views

CVE-2026-57633

CVE-2026-57633 describes an unauthenticated sensitive data exposure affecting the WordPress plugin WCBoost – Products Compare for versions up to 1.1.0 . The connected sources confirm the affected component and the exposure but do not provide attacker vectors, specific data exposed, root cause det...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-27400

Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...

8.6CVSS0.0054EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.3 views

CVE-2026-4022

The Show Posts list – Easy designs, filters and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'posttype' shortcode attribute in the 'swiftpost-list' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on...

6.4CVSS6AI score0.00235EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/05 11:18 a.m.8 views

WordPress Triompher theme <= 1.1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Triompher versions = 1.1.0...

5.8AI score0.00519EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:27 a.m.2 views

CVE-2026-27050

Cross-Site Request Forgery CSRF vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through = 1.1.0...

5.5AI score0.00095EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.3 views

CVE-2026-27050 WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through = 1.1.0...

5.4CVSS5.5AI score0.00095EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 8:27 a.m.26 views

CVE-2026-27050 WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through = 1.1.0...

5.4CVSS0.00095EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:27 a.m.10 views

CVE-2026-27050

CVE-2026-27050 is a CSRF vulnerability affecting the WordPress RealPress plugin (RealPress) for versions up to and including 1.1.0. The issue is documented across multiple sources (NVD, Red Hat, CVE List, etc.) with a consistent description and does not provide additional exploit details in the c...

5.4CVSS5.4AI score0.00095EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.7 views

PT-2026-20759

Cross-Site Request Forgery CSRF vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through = 1.1.0...

5.5AI score0.00095EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/13 11:2 p.m.8 views

WordPress Sosh Share Buttons plugin <= 1.1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Sosh Share Buttons versions = 1.1.0...

4.3CVSS7AI score0.0014EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/31 11:5 a.m.4 views

CVE-2025-68988

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through = 1.3.0...

5.3CVSS5.9AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/31 5:34 a.m.28 views

CVE-2025-68885 WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in page-carbajal Custom Post Status custom-post-status allows Stored XSS.This issue affects Custom Post Status: from n/a through = 1.1.0...

7.1CVSS0.00096EPSS
Exploits0References1
CVE
CVE
added 2025/12/31 5:34 a.m.13 views

CVE-2025-68885

CVE-2025-68885: Cross-Site Request Forgery in the Page Carbajal Custom Post Status plugin enables Stored XSS, affecting Custom Post Status up to version 1.1.0. CVSS 3.1 base 7.1 (HIGH). No exploitation details or fixes are provided in the initial or connected documents; refer to Patchstack listin...

7.1CVSS5.9AI score0.00096EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/29 4:0 p.m.2 views

CVE-2025-68878 WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through = 1.1.0...

7.1CVSS5.7AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/12 3:21 a.m.3 views

CVE-2025-13975 Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings

The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS4.7AI score0.00195EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/09 2:14 p.m.2 views

CVE-2025-67581 WordPress TrueBooker plugin <= 1.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through = 1.1.0...

5.3CVSS6.6AI score0.00176EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:14 p.m.11 views

CVE-2025-67581

CVE-2025-67581 is reported in the WordPress plugin “Appointment Booking and Scheduler Plugin – Truebooker” as an unauthenticated Missing Authorization vulnerability (misconfigured access control levels). The Wordfence vulnerability entry in the connected document confirms this issue affecting Tru...

5.3CVSS6.6AI score0.00176EPSS
Exploits0References1
Rows per page
Query Builder