Lucene search
K

22 matches found

EUVD
EUVD
added 2026/03/25 6:31 p.m.3 views

EUVD-2026-15606

Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...

5.8AI score0.00363EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/13 9:31 p.m.3 views

EUVD-2026-11880

Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Landing Page: from n/a through = 1.2.7...

5.3CVSS5.8AI score0.00224EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/19 8:27 a.m.37 views

CVE-2026-25399 WordPress Serious Slider plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: from n/a through = 1.2.7...

4.3CVSS0.0024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.12 views

PT-2026-20729

Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: from n/a through = 1.2.7...

5.5AI score0.0024EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/30 3:52 a.m.6 views

WordPress Serious Slider plugin <= 1.2.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Serious Slider versions = 1.2.7...

4.3CVSS5.4AI score0.0024EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/23 9:16 p.m.4 views

CVE-2025-68986

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Miion miion allows Upload a Web Shell to a Web Server.This issue affects Miion: from n/a through = 1.2.7...

9.9CVSS5.4AI score0.00434EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 2:28 p.m.4 views

CVE-2026-24535 WordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...

4.3CVSS5.9AI score0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:52 p.m.3 views

CVE-2025-68986

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Miion miion allows Upload a Web Shell to a Web Server.This issue affects Miion: from n/a through = 1.2.7...

9.9CVSS5.4AI score0.00434EPSS
Exploits0References2
NVD
NVD
added 2025/12/24 1:16 p.m.7 views

CVE-2025-68513

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in boldthemes Bold Timeline Lite bold-timeline-lite allows Stored XSS.This issue affects Bold Timeline Lite: from n/a through = 1.2.7...

6.5CVSS0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 4:49 p.m.29 views

CVE-2025-62998 WordPress WP AI CoPilot plugin <= 1.2.7 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through = 1.2.7...

5CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.6 views

EUVD-2025-202009

Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through = 1.2.7...

6.4AI score0.00223EPSS
Exploits0References2
CVE
CVE
added 2025/12/09 2:52 p.m.11 views

CVE-2025-62994

CVE-2025-62994 relates to the WordPress plugin WP AI CoPilot (ai-co-pilot-for-wp) with versions up to and including 1.2.7. The issue is described as an insertion of sensitive information into sent data, enabling retrieval of embedded sensitive data (information disclosure). The CVSS 3.1 vector in...

4.3CVSS6.5AI score0.00223EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/08 3:10 p.m.7 views

WordPress WP AI CoPilot plugin <= 1.2.7 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by benzdeus in WordPress Plugin WP AI CoPilot versions = 1.2.7...

5CVSS6.7AI score0.0018EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/11/27 6:42 a.m.14 views

CVE-2025-13157 QODE Wishlist for WooCommerce <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update

The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qodewishlistforwoocommercewishlisttableitemcallback' function due to missing validation on a user controlled key. This makes it possible fo...

5.3CVSS0.00229EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/16 11:27 a.m.7 views

CVE-2025-52787 WordPress Tennis Court Bookings plugin <= 1.2.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EZiHosting Tennis Court Bookings allows Reflected XSS. This issue affects Tennis Court Bookings: from n/a through 1.2.7...

7.1CVSS6.5AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:34 a.m.5 views

CVE-2025-22579

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arefly WP Header Notification wp-header-notification allows Stored XSS.This issue affects WP Header Notification: from n/a through = 1.2.7...

5.9CVSS7.2AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:39 a.m.11 views

CVE-2024-47630

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.2.7...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/03 4:12 p.m.5 views

WordPress BookPress – For Book Authors Plugin <= 1.2.7 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin BookPress – For Book Authors versions = 1.2.7...

7.1CVSS6.2AI score0.00144EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/02/02 4:8 p.m.4 views

WordPress BookPress – For Book Authors Plugin <= 1.2.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin BookPress – For Book Authors versions = 1.2.7...

9.8CVSS7AI score0.0045EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/12/09 1:15 p.m.5 views

CVE-2023-28688

Cross-Site Request Forgery CSRF vulnerability in ThemeHunk TH Variation Swatches allows Cross Site Request Forgery.This issue affects TH Variation Swatches: from n/a through 1.2.7...

5.4CVSS5.8AI score0.00194EPSS
Exploits0References1
Rows per page
Query Builder