
107 matches found

Patchstack
added yesterday | 6 views

WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by HaiND in WordPress Plugin WP EasyCart versions <= 5.9.0...

8.5 CVSS | 5.8 AI score
Exploits 0 | Affected Software 1
NVD
added 2 days ago | 6 views

CVE-2026-12133

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...

4.3 CVSS | 0.0025 EPSS
Exploits 0 | References 10
Patchstack
added 4 days ago | 4 views

WordPress Tourmaster plugin <= 5.4.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Tourmaster versions <= 5.4.5...

7.5 CVSS | 5.8 AI score
Exploits 0 | Affected Software 1
NVD
added 6 days ago | 14 views

CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3 CVSS | 0.00271 EPSS
Exploits 0 | References 14
NVD
added 2026/06/26 3:16 p.m. | 5 views

CVE-2026-52701

Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...

6.5 CVSS | 0.00194 EPSS
Exploits 0 | References 1
CVE
added 2026/06/26 2:52 p.m. | 8 views

CVE-2026-56030

CVE-2026-56030 affects WordPress Paytium plugin (versions

9.8 CVSS | 5.8 AI score | 0.00331 EPSS
Exploits 0 | References 1
CVE
added 2026/06/26 2:52 p.m. | 13 views

CVE-2026-52701

CVE-2026-52701 is an unauthenticated broken access control vulnerability affecting WordPress User Registration plugin versions

6.5 CVSS | 5.8 AI score | 0.00194 EPSS
Exploits 0 | References 1
EUVD
added 2026/06/15 9:30 p.m. | 10 views

EUVD-2026-36989

Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...

7.1 CVSS | 5.2 AI score | 0.00385 EPSS
Exploits 0 | References 2
CVE
added 2026/06/15 8:19 p.m. | 15 views

CVE-2026-52697

CVE-2026-52697 affects the WordPress Taskbuilder plugin (versions <= 5.0.7). The vulnerability is an SQL Injection in the Taskbuilder component, with CVSSv3.1 metrics indicating a high-severity issue (8.5) that is network-exploitable, requires low privileges, and does not require user interact...

8.5 CVSS | 5.7 AI score | 0.00339 EPSS
Exploits 0 | References 1
Cvelist
added 2026/06/15 8:18 p.m. | 27 views

CVE-2026-40785 WordPress AutomatorWP plugin <= 5.6.7 - Broken Authentication vulnerability

Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions...

7.1 CVSS | 0.00385 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/06/15 12:0 a.m. | 10 views

PT-2026-49516

Name of the Vulnerable Software and Affected Versions: Dokan versions prior to 5.0.3. Description: A privilege escalation issue exists that allows a user with customer privileges to gain higher access levels. Recommendations: Update to a version later than 5.0.2...

8.8 CVSS | 5.9 AI score | 0.00283 EPSS
Exploits 0 | References 4
Vulnrichment
added 2026/06/13 4:17 a.m. | 7 views

CVE-2026-11769 Operator - Namespaced User Path Traversal

We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary: The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...

6.4 CVSS | 5.5 AI score | 0.00361 EPSS
Exploits 0 | References 1
Packet Storm
added 2026/06/11 12:0 a.m. | 58 views

📄 Craft CMS 5.9.5 Missing Authorization / Authentication Bypass

This script is an assessment and exploitation framework targeting a missing authorization vulnerability in affected versions of Craft CMS that may permit unauthorized access to privileged migration functionality. Versions 5.9.5 and below are affected...

7.3 CVSS | 5.5 AI score | 0.00283 EPSS
Exploits 3
CVE
added 2026/06/10 7:50 a.m. | 24 views

CVE-2026-8853

The CVE-2026-8853 entry concerns the WordPress plugin MW WP Form (versions up to and including 5.1.3) with a Stored Cross-Site Scripting vulnerability via the memo parameter. The root cause is insufficient input sanitization and output escaping, enabling authenticated attackers with editor-level ...

4.4 CVSS | 5.7 AI score | 0.00201 EPSS
Exploits 0 | References 6
Patchstack
added 2026/06/01 2:41 p.m. | 8 views

WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by VanTastic in WordPress Plugin MW WP Form versions <= 5.1.3...

7.1 CVSS | 5.8 AI score | 0.00175 EPSS
Exploits 0 | Affected Software 1
CVE
added 2026/05/28 5:0 a.m. | 28 views

CVE-2026-9673

CVE-2026-9673 affects json-2-csv versions 3.15.0 and earlier up to 5.5.11, vulnerable to CSV Injection via the preventCsvInjection option, which can be bypassed. An attacker can inject formulas into CSV files that execute when opened in spreadsheet apps. The SNYK entry describes a PoC and recomme...

7 CVSS | 5.9 AI score | 0.00166 EPSS
Exploits 0 | References 5
NVD
added 2026/05/21 10:16 p.m. | 13 views

CVE-2026-6960

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8 CVSS | 0.00672 EPSS
Exploits 1 | References 2
Patchstack
added 2026/05/14 10:33 a.m. | 14 views

WordPress InfusedWoo Pro plugin <= 5.1.2 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation vulnerability

Authenticated Subscriber+ Missing Authorization to Privilege Escalation vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions <= 5.1.2...

8.8 CVSS | 5.8 AI score | 0.0029 EPSS
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2026/05/13 1:27 p.m. | 42 views

EUVD-2026-29954

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1 CVSS | 5.8 AI score | 0.00219 EPSS
Exploits 0 | References 4
Patchstack
added 2026/05/01 9:15 a.m. | 8 views

WordPress WP fail2ban – Advanced Security plugin <= 5.3.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP fail2ban versions <= 5.3.4...

6.1 CVSS | 5.8 AI score | 0.00276 EPSS
Exploits 0 | References 1 | Affected Software 1