Lucene search
+L

40 matches found

CVE
CVE
added 2026/07/03 2:9 p.m.25 views

CVE-2026-14459

Vulnerability: TUBITAK BILGEM pardus-software suffers an argument injection due to improper neutralization of command delimiters. Affects pardus-software

8.8CVSS5.9AI score0.00198EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.34 views

CVE-2026-22327 WordPress Restaurt theme <= 1.0.4 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Restaurt = 1.0.4 versions...

9.9CVSS0.00465EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2025-210158

Administrator Server Side Request Forgery SSRF in PopAd = 1.0.4 versions...

4.4CVSS5.2AI score0.00168EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2025-60175

Administrator Server Side Request Forgery SSRF in PopAd = 1.0.4 versions...

4.4CVSS0.00168EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 2:25 a.m.1 views

CVE-2026-3574

The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields including 'Navigation Font Size', 'Navigation Font Weight', 'Heading Font Size', 'Heading Font Weight', 'Text Font Size', and 'Text Font Weight' in all versions...

4.4CVSS6AI score0.00207EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/25 6:31 p.m.6 views

EUVD-2026-15709

Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through = 1.0.4...

5.8AI score0.00431EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:17 p.m.4 views

CVE-2026-32520

Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through = 1.0.4...

9.8CVSS0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.27 views

CVE-2026-25397 WordPress File Uploader for WooCommerce plugin <= 1.0.4 - Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through = 1.0.4...

7.5CVSS0.00431EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-28034

Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through = 1.0.4...

5.8AI score0.00321EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-27936

Name of the Vulnerable Software and Affected Versions File Uploader for WooCommerce versions through 1.0.4 Description The File Uploader for WooCommerce software contains a path traversal flaw. The issue is due to insufficient sanitization of user-supplied input, specifically allowing the use of...

7.5CVSS5.9AI score0.00431EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/03/20 5:52 p.m.12 views

WordPress RewardsWP plugin <= 1.0.4 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by daroo in WordPress Plugin RewardsWP versions = 1.0.4...

9.8CVSS5.8AI score0.00321EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/18 11:36 p.m.7 views

WordPress Advance Block Extend plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability discovered by WordFence in WordPress Plugin Advance Block Extend versions = 1.0.4...

6.4CVSS5.5AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 11:36 a.m.6 views

WordPress Shortcodes for Elementor plugin <= 1.0.4 - Authenticated (Contributor+) Post Disclosure vulnerability

Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Shortcodes for Elementor versions = 1.0.4...

4.3CVSS5.3AI score0.00294EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/31 6:32 p.m.29 views

CVE-2025-66151 WordPress Countdowner for Elementor plugin <= 1.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Countdowner for Elementor countdowner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through = 1.0.4...

5.4CVSS0.00173EPSS
Exploits0References1
CVE
CVE
added 2025/12/31 4:29 p.m.10 views

CVE-2025-62083

CVE-2025-62083 affects BoomDevs WordPress Coming Soon Plugin (

4.3CVSS5.9AI score0.00241EPSS
Exploits0References1
CVE
CVE
added 2025/12/31 4:27 p.m.11 views

CVE-2025-62115

Technical details for CVE-2025-62115 are not provided in the supplied documents. Monitor for updates from official advisories or vulnerability databases for affected products, versions, impact, and remediation.

4.3CVSS5.9AI score0.00198EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Simple Video Management System plugin <= 1.0.4 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Simple Video Management System versions = 1.0.4...

6.1CVSS5.5AI score0.00347EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/02 7:27 p.m.19 views

CVE-2025-13542 DesignThemes LMS <= 1.0.4 - Unauthenticated Privilege Escalation

The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlmsregisteruserfrontend' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to...

9.8CVSS0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.9 views

CVE-2025-11822 WP Bootstrap Tabs <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Bootstrap Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bootstraptab' shortcode in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00265EPSS
Exploits0References3
NVD
NVD
added 2025/10/29 10:15 a.m.18 views

CVE-2015-10146

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

4.9CVSS0.0027EPSS
Exploits0References2
Rows per page
Query Builder