Lucene search
K

133 matches found

Cvelist
Cvelist
added 10 hours ago6 views

CVE-2026-57669 WordPress Advanced Contact form 7 DB plugin <= 2.0.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Advanced Contact form 7 DB = 2.0.9 versions...

6.5CVSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2025-63078

The CVE-2025-63078 entry concerns the WordPress plugin “Restaurant Menu by MotoPress” (MotoPress) &lt;= 2.4.11. Affected component is the plugin’s access control mechanism, with root cause described as Broken Access Control. The vulnerability is reported to affect users of the plugin in WordPress...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin Fluent Booking versions = 2.1.0...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/25 2:16 p.m.4 views

CVE-2026-54838

Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...

8.5CVSS0.0027EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-39595

Author Broken Access Control in W3 Total Cache = 2.9.1 versions...

4.7CVSS0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.8 views

PT-2026-50105

Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/10 2:37 p.m.8 views

WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP Migrate Lite versions = 2.7.8...

4.7CVSS5.3AI score0.00116EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.22 views

PT-2026-47074

Name of the Vulnerable Software and Affected Versions WP User Manager – User Profile Builder & Membership versions prior to 2.9.18 Description The plugin is susceptible to Local File Inclusion, a condition where an application includes files on a local server unexpectedly. This occurs through the...

7.5CVSS6AI score0.02403EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.17 views

PT-2026-44208

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References9
NVD
NVD
added 2026/05/27 7:16 a.m.22 views

CVE-2026-8873

The Content Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...

6.4CVSS0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.40 views

CVE-2026-8685 Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

6.5CVSS0.00359EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/05/07 8:36 a.m.13 views

WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin PDF Poster versions = 2.4.1...

5.3CVSS5.8AI score0.00182EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/04/19 10:0 p.m.40 views

CVE-2026-6579 liangliangyy DjangoBlog Clean Endpoint views.py missing authentication

A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the...

6.9CVSS0.00433EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.5 views

PT-2026-33255

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...

4.3CVSS5.8AI score0.00317EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/15 10:21 a.m.6 views

CVE-2026-40744

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through = 2.10.1.2...

5.9AI score0.0022EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.2 views

CVE-2026-39487

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through = 2.1.1...

5.9AI score0.00271EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/07 1:59 p.m.115 views

Exploit for CVE-2026-5465

CVE-2026-5465: Privilege Escalation en Plugin Amelia WordPress...

8.8CVSS5.9AI score0.00632EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/04/04 11:16 a.m.2 views

CVE-2025-14938

The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and including, 2.0.27 via the "listeocorehandledroppedmedia" function. This is due to missing authorization and capability checks on the AJAX endpoint handling file uploads. This...

5.3CVSS6.1AI score0.00304EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/25 12:11 p.m.6 views

WordPress Amelia plugin <= 2.1.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Amelia versions = 2.1.1...

7.6CVSS5.9AI score0.00271EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.7 views

PT-2026-27870

Name of the Vulnerable Software and Affected Versions NooTheme Organici Library versions through 2.1.2 Description The NooTheme Organici Library contains a flaw related to improper neutralization of special elements within SQL commands, leading to a Blind SQL Injection issue. This allows for...

8.5CVSS5.9AI score0.00253EPSS
Exploits0References3
Rows per page
Query Builder