Lucene search
K

36 matches found

EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2025-210256

Unauthenticated Local File Inclusion in Snow Club = 1.1 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.9 views

CVE-2025-69173

Unauthenticated Local File Inclusion in Tipsy = 1.1 versions...

8.1CVSS0.00435EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/19 12:6 p.m.9 views

WordPress Amazon Scraper plugin <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Amazon Scraper versions = 1.1...

4.3CVSS5.8AI score0.00191EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/08 8:30 a.m.2 views

EUVD-2026-20246

Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through = 1.1...

5.9AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 6:30 a.m.8 views

EUVD-2026-9583

Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through = 1.1...

5.9AI score0.00358EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.7 views

CVE-2025-14142

The Electric Enquiries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button' parameter of the electric-enquiry shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.14 views

CVE-2025-69304

CVE-2025-69304 affects WordPress Allmart plugin (allmart-core) up to version 1.1, with an unauthenticated Blind SQL Injection due to improper neutralization of SQL elements. CVSS 3.1 base score 9.3 (CRITICAL). Connected sources confirm the vulnerability description and affected versions, but do n...

9.3CVSS5.8AI score0.00389EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/13 10:34 p.m.6 views

WordPress ZoomifyWP Free plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'filename' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'filename' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin ZoomifyWP Free versions = 1.1...

6.4CVSS5.4AI score0.00245EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/14 5:28 a.m.30 views

CVE-2025-14502 News and Blog Designer Bundle <= 1.1 - Unauthenticated Local File Inclusion

The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1 via the template parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution...

9.8CVSS0.01336EPSS
Exploits1References2
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Webcake plugin <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Webcake versions = 1.1...

4.3CVSS5.9AI score0.00214EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/10/15 12:24 a.m.5 views

WordPress Dynamically Display Posts plugin <= 1.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by dayea song in WordPress Plugin Dynamically Display Posts versions = 1.1...

7.5CVSS8.1AI score0.004EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/22 6:24 p.m.2 views

CVE-2025-57985 WordPress Ultimate Watermark Plugin <= 1.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in MantraBrain Ultimate Watermark ultimate-watermark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Watermark: from n/a through = 1.1...

4.3CVSS5.1AI score0.0023EPSS
Exploits0References1
CVE
CVE
added 2025/09/11 7:24 a.m.25 views

CVE-2025-9860

The WordPress Mixtape plugin is vulnerable to Stored Cross-Site Scripting (XSS) via the mixtape shortcode in all versions up to 1.1. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers with contributor-level access or...

6.4CVSS4.7AI score0.0018EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/09/02 12:37 p.m.6 views

WordPress Assembly theme <= 1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Assembly versions = 1.1...

8.1CVSS7AI score0.00445EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/14 10:34 a.m.1 views

CVE-2025-49433 WordPress Supermalink <= 1.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThanhD Supermalink supermalink allows DOM-Based XSS.This issue affects Supermalink: from n/a through = 1.1...

6.5CVSS5.2AI score0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/03 1:30 p.m.7 views

CVE-2025-23555 WordPress Ui Slider Filter By Price plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Ui Slider Filter By Price allows Reflected XSS. This issue affects Ui Slider Filter By Price: from n/a through 1.1...

7.1CVSS7.1AI score0.00342EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/18 12:0 a.m.9 views

WordPress EMI Calculator plugin <= 1.1 - Settings Change vulnerability

Settings Change vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin EMI Calculator versions = 1.1...

6.5CVSS7AI score0.00355EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/01/16 8:15 p.m.2 views

CVE-2025-23659

Cross-Site Request Forgery CSRF vulnerability in hernanjh MercadoLibre Integration mercadolibre-integration allows Stored XSS.This issue affects MercadoLibre Integration: from n/a through = 1.1...

7.2AI score0.00184EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/01/16 6:42 p.m.3 views

WordPress WP Options Editor plugin <= 1.1 - CSRF to Privilege Escalation vulnerability

CSRF to Privilege Escalation vulnerability discovered by Mika in WordPress Plugin WP Options Editor versions = 1.1...

9.8CVSS7AI score0.00343EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.5 views

WordPress plugin Tock Widget 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

7.1CVSS8.2AI score0.00187EPSS
Exploits0References2
Rows per page
Query Builder