Lucene search
K

37 matches found

NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-40749

Subscriber Arbitrary File Upload in Charity Zone = 1.1.1 versions...

9.9CVSS0.00434EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.42 views

CVE-2026-9691 WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...

9.8CVSS0.00476EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.21 views

CVE-2026-39680 WordPress Diet Calorie Calculator plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet Calorie Calculator: from n/a through = 1.1.1...

5.3CVSS0.0019EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:30 a.m.8 views

CVE-2026-39672

The connected sources confirm CVE-2026-39672 relates to the WordPress plugin ShipTime: Discounted Shipping Rates (shiptime-discount-shipping) with a Broken Access Control (Missing Authorization) vulnerability affecting version

5.3CVSS5.9AI score0.0025EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.8 views

PT-2026-27944

Name of the Vulnerable Software and Affected Versions Nexa Blocks versions through 1.1.1 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This issue impacts Nexa Blocks. Recommendations Update Nexa Blocks to a version later than...

9.8CVSS5.9AI score0.00375EPSS
Exploits0References4
NVD
NVD
added 2026/03/05 6:16 a.m.5 views

CVE-2025-53335

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Berger berger allows PHP Local File Inclusion.This issue affects Berger: from n/a through = 1.1.1...

8.1CVSS0.00504EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.7 views

PT-2026-21115

Name of the Vulnerable Software and Affected Versions Mopinion Feedback Form versions through 1.1.1 Description The Mopinion Feedback Form software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This allows for t...

5.3AI score0.0023EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 6:43 a.m.3 views

CVE-2025-14039

The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplefolioitemclientname' and 'simplefolioitemlink' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00281EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/01/27 7:16 a.m.5 views

WordPress Mopinion Feedback Form plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Mopinion Feedback Form versions = 1.1.1...

7.1CVSS5.9AI score0.0023EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 5:16 p.m.17 views

WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Appender versions = 1.1.1...

5.4CVSS6.8AI score0.00173EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/17 10:2 a.m.4 views

CVE-2025-66164

Missing Authorization vulnerability in merkulove Laser laser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laser: from n/a through = 1.1.1...

5.4CVSS7AI score0.00168EPSS
Exploits0References1
CVE
CVE
added 2025/11/11 6:58 p.m.18 views

CVE-2025-61843

CVE-2025-61843 concerns Adobe Format Plugins. The issue is an Out-of-bounds Read affecting versions 1.1.1 and earlier, leading to memory exposure. Exploitation requires user interaction (victim opens a malicious file). The vulnerability is documented across multiple sources in the Connected docum...

5.5CVSS5.6AI score0.00173EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/29 8:38 a.m.3 views

CVE-2025-64284 WordPress Majestic Support plugin <= 1.0.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a through = 1.0.7...

7.5CVSS5.3AI score0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-30726

Malicious code in bioql PyPI...

7.2CVSS6.5AI score0.00593EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/09/27 4:6 a.m.8 views

WordPress Popular Posts by Webline plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Popular Posts by Webline versions = 1.1.1...

5.4CVSS6.1AI score0.00191EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.6 views

PT-2025-39350

Name of the Vulnerable Software and Affected Versions json-schema-editor-visual versions through 1.1.1 Description A Prototype Pollution issue exists in the setData and deleteData functions. Attackers can inject or delete properties on Object.prototype by providing a crafted payload, potentially...

6.5CVSS6.5AI score0.003EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/09/22 7:39 p.m.5 views

WordPress GSheets Connector Plugin <= 1.1.1 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin GSheets Connector versions = 1.1.1...

7.2CVSS7AI score0.00593EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/09/05 2:15 p.m.5 views

CVE-2025-58833

Cross-Site Request Forgery CSRF vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This issue affects Invelity MyGLS connect: from n/a through = 1.1.1...

8.8CVSS0.00159EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/05 1:32 p.m.3 views

WordPress Invelity MyGLS connect Plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Invelity MyGLS connect versions = 1.1.1...

8.8CVSS6.6AI score0.00159EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.4 views

PT-2025-36172

Name of the Vulnerable Software and Affected Versions: INVELITY Invelity MyGLS connect versions through 1.1.1 Description: This issue is a Cross-Site Request Forgery CSRF vulnerability that allows Object Injection. Recommendations: At the moment, there is no information about a newer version that...

8.8CVSS6.2AI score0.00159EPSS
Exploits0References7
Rows per page
Query Builder