Lucene search
K

11278 matches found

Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-57356 WordPress MC Woocommerce Wishlist plugin <= 1.9.19 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in MC Woocommerce Wishlist = 1.9.19 versions...

7.1CVSS0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-57348 WordPress Paid Member Subscriptions plugin <= 3.0.4 - Server Side Request Forgery (SSRF) vulnerability

Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...

7.2CVSS0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-42382 WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Audrey = 1.5 versions...

8.1CVSS0.00303EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41337

Unauthenticated Broken Access Control in Motors = 5.6.80 versions...

6.5CVSS5.8AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-27419

CVE-2026-27419 affects WordPress Zegen theme versions

9.9CVSS5.8AI score0.00362EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2025-210401

Subscriber Sensitive Data Exposure in Corpkit = 1.0.5 versions...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References1
Patchstack
Patchstack
added 4 days ago6 views

WordPress WP EasyCart plugin <= 5.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by HaiND in WordPress Plugin WP EasyCart versions = 5.9.1...

8.5CVSS6AI score0.0022EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 4 days ago7 views

WordPress Simple URLs plugin <= 151 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin Simple URLs versions = 151...

5.9CVSS5.8AI score0.00148EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 4 days ago6 views

WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Structured Content versions = 1.7.0...

6.5CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 4 days ago6 views

WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...

6.5CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 4 days ago5 views

WordPress Mosaic Gallery &#8211; Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Mosaic Gallery Advanced Gallery versions = 1.2.0...

6.5CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00263EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-13704

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References10
NVD
NVD
added 5 days ago7 views

CVE-2026-12133

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...

4.3CVSS0.0025EPSS
Exploits0References10
Patchstack
Patchstack
added 6 days ago5 views

WordPress Download Manager plugin <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin Download Manager versions = 3.3.60...

6.4CVSS5.8AI score0.00206EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago14 views

CVE-2026-12560

The Editorial Rating – Product Review & Rating System plugin for WordPress (versions up to 4.0.5) is vulnerable to Stored Cross-Site Scripting via the Link URL field due to insufficient input sanitization and output escaping. Authenticated attackers with administrator-level access can store a pay...

4.4CVSS5.9AI score0.0024EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 6 days ago12 views

PT-2026-53811

Name of the Vulnerable Software and Affected Versions Editorial Rating – Product Review & Rating System versions prior to 4.0.6 Description Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access and above to perform Stored Cross-Site...

4.4CVSS6.1AI score0.0024EPSS
Exploits0References15
NVD
NVD
added 2026/06/29 6:16 p.m.8 views

CVE-2026-57949

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 5:19 p.m.30 views

CVE-2026-57949 ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 5:19 p.m.7 views

EUVD-2026-40166

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS5.9AI score0.00231EPSS
Exploits0References3
Rows per page
Query Builder