Lucene search
+L

7 matches found

CVE
CVE
added 2026/07/10 4:31 a.m.9 views

CVE-2026-15296

The CVE-2026-15296 entry identifies a Stored Cross-Site Scripting vulnerability in the affiliate-toolkit – WP Affiliate Plugin with Amazon for WordPress, exploitable via the atkp_product shortcode in all versions

6.4CVSS6.1AI score0.00266EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/07 4:27 a.m.8 views

CVE-2026-4348

The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the getcurrentletterdocs and docssortbyletter AJAX actions in all versions up to, and including, 3.7.0. This is due to the limit POST parameter being interpolated directly into a SQL query string before being passed to...

7.5CVSS5.9AI score0.00395EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/10 7:27 a.m.26 views

CVE-2026-1722 WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...

5.3CVSS0.00294EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/11/10 1:21 a.m.9 views

WordPress Groups plugin <= 3.7.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by shark3y in WordPress Plugin Groups versions = 3.7.0...

4.3CVSS7AI score0.00214EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-24547

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.0035EPSS
Exploits0References3
CVE
CVE
added 2025/08/20 8:3 a.m.28 views

CVE-2025-53195

CVE-2025-53195: WordPress JetEngine plugin

6.5CVSS5.9AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/15 7:17 a.m.4 views

CVE-2025-6184

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the getsubmittedassignments function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter an...

8.8CVSS7.7AI score0.0035EPSS
Exploits0References1
Rows per page
Query Builder