Lucene search
K

21 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2025-210353

Contributor Broken Access Control in Live Copy Paste for Elementor = 1.5.3 versions...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-22332

Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...

9.3CVSS0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.20 views

CVE-2025-69159 WordPress Printo theme <= 1.11 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Printo = 1.11 versions...

8.1CVSS0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/05 3:37 a.m.59 views

CVE-2026-4803 Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...

7.2CVSS0.00359EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.7 views

CVE-2026-39659

Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Member: from n/a through = 2.11.3...

5.9AI score0.00037EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 6:16 a.m.5 views

CVE-2026-27358

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Architecturer architecturer allows Reflected XSS.This issue affects Architecturer: from n/a through 3.9.5...

7.1CVSS0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 9:15 p.m.3 views

CVE-2026-22466

Missing Authorization vulnerability in Chandni Patel WP MapIt wp-mapit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP MapIt: from n/a through = 3.0.3...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References1
OSV
OSV
added 2025/12/24 1:16 p.m.2 views

CVE-2025-68494

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through = 4.11.53...

7.5CVSS5.8AI score0.00305EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.29 views

CVE-2025-66088 WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through = 2.1.12...

7.5CVSS0.0023EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 7:22 a.m.2 views

EUVD-2025-204134

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Rare Radio rareradio allows PHP Local File Inclusion.This issue affects Rare Radio: from n/a through = 1.0.15.1...

8.2CVSS6.6AI score0.00415EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.4 views

PT-2025-48609

The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘timestamp’ attribute in all versions up to, and including, 2.2.13 due to insufficient input sanitization and...

6.4CVSS4.9AI score0.00156EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.7 views

CVE-2025-11999 Add Multiple Marker <= 1.2 - Missing Authorization to Unauthenticated Settings Update

The Add Multiple Marker plugin for WordPress is vulnerable to unauthorized modification of data to due to a missing capability check on the addmultiplemarkerresetmap and ammsavemapapi functions in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upda...

5.3CVSS0.00241EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/27 3:30 a.m.4 views

EUVD-2025-36028

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rock Content Rock Convert rock-convert allows Stored XSS.This issue affects Rock Convert: from n/a through = 3.0.1...

5.5AI score0.00186EPSS
Exploits0References2
OSV
OSV
added 2025/10/19 7:8 p.m.4 views

JLSEC-2025-105 FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_pa...

FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645parse because allocrbspbuffer in libavcodec/h2645parse.c mishandles rbspbuffer...

8.8CVSS7AI score0.02024EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.5 views

Ilevia EVE X1 Server 安全漏洞

Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server version 4.7.18.0.eden and prior versions, which stems from storing passwords using the unsalted MD5 hash algorithm, which could lead to an offline dictionary...

8.2CVSS6.6AI score0.0028EPSS
Exploits2References3
CVE
CVE
added 2025/09/22 6:23 p.m.9 views

CVE-2025-58237

CVE-2025-58237: LC Wizard (Connector Wizard) for WordPress has a stored XSS in LC Wizard/Connector Wizard up to version 1.4.0 (initial cites 1.3.0). Root cause: improper input neutralization during web page generation. Affected plugin: Connector Wizard (formerly LC Wizard); vulnerability context ...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-21662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users like author ...

8CVSS6.7AI score0.63418EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 5:17 a.m.4 views

CVE-2023-30747

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPGem WooCommerce Easy Duplicate Product plugin = 0.3.0.0 versions...

7.1CVSS5.8AI score0.00379EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/01 12:0 a.m.5 views

PT-2024-34307 · Unknown · Fluent Forms

Name of the Vulnerable Software and Affected Versions: Fluent Forms versions up to, and including, 5.1.18 Description: The issue is related to an insufficient capability check on the verifyRequest function, allowing Form Managers with a Subscriber-level access and above to modify the Mailchimp AP...

4.3CVSS6.7AI score0.00402EPSS
Exploits0References21
OSV
OSV
added 2023/10/03 10:15 a.m.3 views

CVE-2023-38381

Cross-Site Request Forgery CSRF vulnerability in Cyle Conoly WP-FlyBox plugin = 6.46 versions...

8.8CVSS7.3AI score0.00208EPSS
Exploits0References1
Rows per page
Query Builder