Lucene search
K

122 matches found

Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-57646 WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References IDOR in Majestic Support = 1.1.7 versions...

5.4CVSS0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 7:16 a.m.10 views

CVE-2026-8622

The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Server Variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS0.00168EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 8:19 p.m.6 views

EUVD-2026-36887

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.8 views

CVE-2026-9014

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetstats function in versions up to, and including, 1.3. The function is hooked to both the wpajaxwpp-resetstats and wpajaxnoprivwpp-resetstats actions and contains n...

5.3CVSS5.5AI score0.00268EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/19 12:7 p.m.11 views

WordPress Remove Yellow BGBOX plugin <= 1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Remove Yellow BGBOX versions = 1.0...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-39948

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr review AJAX handler lacks both capability checks and nonce verification. The only access control is an is user logged in...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/05/11 7:7 p.m.15 views

WordPress Next Date plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Next Date versions = 1.0...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 2:26 a.m.6 views

CVE-2026-6696

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

6.1CVSS6AI score0.00219EPSS
Exploits0References7
CVE
CVE
added 2026/04/21 2:25 a.m.15 views

CVE-2026-6674

The CVE refers to the WordPress plugin “Plugin: CMS für Motorrad Werkstätten”, affected through all versions up to and including 1.0.0. The root cause is insufficient escaping of the user-supplied arthtype parameter and lack of proper SQL query preparation, resulting in SQL Injection. The impact ...

6.5CVSS5.8AI score0.00324EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/04/20 11:8 a.m.5 views

WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Ashtanga versions = 1.2...

5.8AI score0.0032EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/04/16 9:31 a.m.4 views

EUVD-2025-209493

The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the...

8.8CVSS5.7AI score0.00412EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/05 1:15 a.m.30 views

CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

7.5CVSS0.01449EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 5:0 p.m.6 views

CVE-2026-22495

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Greenville greenville allows PHP Local File Inclusion.This issue affects Greenville: from n/a through = 1.3.2...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32299

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...

7.5CVSS5.8AI score0.00268EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 7:1 p.m.8 views

WordPress myLinksDump plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters vulnerability

Authenticated Administrator+ SQL Injection via 'sortby' and 'sortorder' Parameters vulnerability discovered by san6051 - PWC in WordPress Plugin myLinksDump versions = 1.6...

7.2CVSS5.9AI score0.00354EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/03/19 8:34 a.m.11 views

CVE-2026-25438

The CVE describes a Reflected XSS in the WordPress Gutenberg Blocks “Unlimited blocks for Gutenberg” plugin, affecting versions up to and including 1.2.8. The root cause is improper neutralization of input during web page generation. The affected component is the WordPress Gutenberg Blocks integr...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:54 a.m.5 views

CVE-2026-28104 WordPress Site Suggest plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a through = 1.3.9...

5.9AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 5:53 a.m.28 views

CVE-2026-27341 WordPress TopScorer - Sports WordPress Theme theme <= 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScorer - Sports WordPress Theme: from n/a through = 1.2...

8.1CVSS0.00415EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.3 views

CVE-2026-27326 WordPress AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme theme <= 1.2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme window-ac-services allows PHP Local File Inclusion.This issue affects AC Services | HVAC, Air...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.7 views

CVE-2026-25501

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, SMF panics due to nil pointer dereference and the SMF process terminates. This is triggered by a malformed PFCP...

8.7CVSS5.3AI score0.0031EPSS
Exploits1References1
Rows per page
Query Builder