Lucene search
+L

23 matches found

NVD
NVD
added 2026/07/03 6:16 a.m.6 views

CVE-2026-8892

The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00212EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/12 8:31 a.m.11 views

WordPress Fediverse Embeds plugin <= 1.5.7 - Unauthenticated SSRF vulnerability

Unauthenticated SSRF vulnerability discovered by 0xBassia in WordPress Plugin Fediverse Embeds versions = 1.5.7...

7.5CVSS5.2AI score0.00234EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.28 views

CVE-2025-69096 WordPress Zorka theme <= 1.5.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in G5Theme Zorka zorka allows Reflected XSS.This issue affects Zorka: from n/a through = 1.5.7...

7.1CVSS0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.4 views

PT-2026-27806

CVE-2025-69096 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in G5Theme Zorka zorka allows Reflected XSS.This issue affects Zork… https://t.co/7vIIzsCyr0...

7.1CVSS5.9AI score0.0023EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.8 views

CVE-2025-69404

Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through = 1.5.10...

9.8CVSS5.9AI score0.00375EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 2:28 p.m.34 views

CVE-2026-24534

CVE-2026-24534 describes a Missing Authorization vulnerability in the uPress Booter plugin, specifically in the booter-bots-crawlers-manager component. Affected versions are Booter up to and including 1.5.7, where incorrectly configured access control security levels can allow unauthorized action...

4.3CVSS5.4AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 10:15 a.m.3 views

CVE-2026-0676

Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zorka: from n/a through = 1.5.7...

5.3CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/08 9:17 a.m.33 views

CVE-2026-0676 WordPress Zorka theme <= 1.5.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zorka: from n/a through = 1.5.7...

5.3CVSS0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 5:32 p.m.3 views

CVE-2025-53324

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeYatri Gutenify gutenify allows Stored XSS.This issue affects Gutenify: from n/a through = 1.5.7...

7.1CVSS6AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-30591

Malicious code in bioql PyPI...

5.9CVSS6.5AI score0.0021EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/24 6:31 p.m.3 views

CVE-2025-58223

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Taylor VoucherPress voucherpress allows Stored XSS.This issue affects VoucherPress: from n/a through = 1.5.7...

5.9CVSS5.9AI score0.0021EPSS
Exploits0References1
CVE
CVE
added 2025/09/22 6:23 p.m.8 views

CVE-2025-58223

CVE-2025-58223 describes a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin VoucherPress. Affected: VoucherPress versions from n/a up to and including 1.5.7. The CVE notes an input handling issue during web page generation that enables stored XSS. The vulnerability is rated...

5.9CVSS5.9AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.4 views

WordPress plugin Site Offline 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS6.4AI score0.0022EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/04/03 3:34 p.m.6 views

CVE-2025-31766

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PhotoShelter PhotoShelter for Photographers Blog Feed Plugin photoshelter-official-plugin allows Stored XSS.This issue affects PhotoShelter for Photographers Blog Feed Plugin: from n/a through =...

6.5CVSS7.2AI score0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/17 12:0 a.m.4 views

WordPress plugin Tube Video Ads Lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

7.1CVSS8.1AI score0.00552EPSS
Exploits1References2
OSV
OSV
added 2024/12/13 3:15 p.m.6 views

CVE-2023-35051

Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7...

8.8CVSS5.8AI score0.00541EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/12/13 3:15 p.m.5 views

CVE-2023-35051

Missing Authorization vulnerability in cimatti Contact Forms by Cimatti contact-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through = 1.5.7...

8.8CVSS5.8AI score0.00541EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/11/20 9:33 a.m.4 views

WordPress Meteor Slides plugin <= 1.5.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by UKO Patchstack Alliance in WordPress Plugin Meteor Slides versions = 1.5.7...

5.9CVSS6.1AI score0.00325EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/10/20 11:15 a.m.3 views

CVE-2024-49274

Cross-Site Request Forgery CSRF vulnerability in Infomaniak Staff VOD Infomaniak allows Cross Site Request Forgery.This issue affects VOD Infomaniak: from n/a through 1.5.7...

8.8CVSS5.8AI score0.00186EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/14 1:26 p.m.9 views

WordPress VOD Infomaniak plugin <= 1.5.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin VOD Infomaniak versions = 1.5.7...

8.8CVSS7AI score0.00186EPSS
Exploits0Affected Software1
Rows per page
Query Builder