Lucene search
+L

41 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-15306

The Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 's' Search Parameter in all versions up to, and including, 7.6.1 due to insufficient input sanitization and output escaping. This makes it possible...

6.1CVSS0.00215EPSS
Exploits0References6
NVD
NVD
added 2026/07/11 5:16 a.m.19 views

CVE-2026-15097

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00201EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/07/07 8:52 a.m.5 views

WordPress WPJAM Basic plugin <= 7.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin WPJAM Basic versions = 7.0...

8.8CVSS5.9AI score0.00355EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.39 views

CVE-2026-56057 WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...

9.8CVSS0.00426EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.8 views

EUVD-2026-39694

Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...

8.1CVSS5.8AI score0.00317EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-40741

Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...

7.5CVSS0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-27333

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...

8.1CVSS0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.30 views

CVE-2026-40741 WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...

7.5CVSS0.00246EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/19 8:43 p.m.9 views

WordPress Slider Revolution plugin <= 7.0.9 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Nos1x0 in WordPress Plugin Slider Revolution versions = 7.0.9...

5.3CVSS5.8AI score0.00332EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/16 5:29 a.m.28 views

CVE-2026-5050

The CVE-2026-5050 entry details a vulnerability in the Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress. Affected versions are up to and including 7.0.0. The root cause is improper verification of cryptographic signatures: successful_request() handlers compute a local signature ...

7.5CVSS5.8AI score0.00206EPSS
Exploits0References2
NVD
NVD
added 2026/03/03 2:16 a.m.9 views

CVE-2026-2269

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the downloadurl function. This makes it possible for authenticated attackers, with...

7.2CVSS0.00655EPSS
Exploits0References2
NVD
NVD
added 2026/02/19 9:16 a.m.12 views

CVE-2026-23542

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through = 7.0.10...

9.8CVSS0.00391EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/27 6:13 a.m.14 views

WordPress Hustle plugin <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upload via Module Import vulnerability

Authenticated Subscriber+ Arbitrary File Upload via Module Import vulnerability discovered by Williwollo CybrX in WordPress Plugin Hustle versions = 7.8.9.2...

7.5CVSS5.9AI score0.00542EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/24 9:8 a.m.7 views

CVE-2026-1189

The LeadBI Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formid' parameter of the 'leadbiform' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS6AI score0.00192EPSS
Exploits0References5
NVD
NVD
added 2025/12/18 8:16 a.m.7 views

CVE-2025-64206

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through = 7.6.0...

9.8CVSS0.004EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 7:20 a.m.5 views

EUVD-2025-204249

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eventslistgrouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS4.7AI score0.0037EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2025/11/21 12:0 a.m.4 views

phpPgAdmin <= 7.13.0 Multiple Vulnerabilities

phpPgAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phppgadmin:phppgadmin"; if...

6.5CVSS7.8AI score0.0028EPSS
Exploits0References4
CVE
CVE
added 2025/10/30 9:16 p.m.30 views

CVE-2021-4461

CVE-2021-4461 affects Seeyon Zhiyuan OA Web Application System

9.3CVSS6.5AI score0.00602EPSS
In wildExploits0References4
EUVD
EUVD
added 2025/10/27 3:30 a.m.6 views

EUVD-2025-35990

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through = 7.3.0...

6.5AI score0.00217EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.5 views

WordPress plugin Coupon Affiliates 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.6AI score0.00249EPSS
Exploits0References1
Rows per page
Query Builder