Lucene search
K

271 matches found

EUVD
EUVD
added 2026/05/05 3:31 a.m.8 views

EUVD-2026-27207

The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This makes it possible for unauthenticated attackers t...

6.1CVSS5.7AI score0.0012EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/05 2:26 a.m.6 views

CVE-2026-6701

The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

4.3CVSS5.7AI score0.00158EPSS
Exploits0References12
Kaspersky
Kaspersky
added 2026/04/28 12:0 a.m.9 views

KLA91011 DoS vulnerability in Microsoft Browser

Denial of service vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to cause denial of service. Original advisories CVE-2026-6920 Exploitation Related products Microsoft-Edge CVE list CVE-2026-6920 critical Solution Install necessary updates from the...

9.6CVSS5.3AI score0.00211EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/14 3:30 p.m.7 views

EUVD-2026-22269

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution RCE via /scheduler/classes/SystemSettings.php?f=updatesettings...

2.7CVSS6.3AI score0.00239EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/14 12:0 a.m.3 views

CVE-2026-37598

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution RCE via /scheduler/classes/SystemSettings.php?f=updatesettings...

6.3AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.28 views

CVE-2026-37598

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution RCE via /scheduler/classes/SystemSettings.php?f=updatesettings...

0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:0 a.m.2 views

CVE-2026-37598

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution RCE via /scheduler/classes/SystemSettings.php?f=updatesettings...

6.3AI score0.00239EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32639

CVE-2026-37598 SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution RCE via /scheduler/classes/SystemSettings.php?f=update settings. https://t.co/fzop5JczL7...

2.7CVSS6.4AI score0.00239EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.21 views

WordPress plugin Link Whisper Free 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00186EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/31 11:18 a.m.1 views

CVE-2026-3191

The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minifyhtmlmenuoptions' function. This makes it possible for unauthenticated attackers to update plugin settin...

5.4CVSS5.8AI score0.00154EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.3 views

CVE-2026-1993

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the updatesettings function accepting arbitrary plugin setting names without a whitelist of allowed settings. This makes it possible fo...

8.8CVSS6AI score0.0038EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 6:5 p.m.7 views

WordPress Punnel plugin <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update via 'punnel_save_config' AJAX Action vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update via 'punnelsaveconfig' AJAX Action vulnerability discovered by Poli - CMC Global in WordPress Plugin Punnel – Landing Page Builder versions = 1.3.1...

5.3CVSS5.8AI score0.00292EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.1 views

CVE-2026-1392

The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing nonce validation on the srminifyhtmltheme function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.8 views

WordPress plugin Group Chat & Video Chat by AtomChat 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.10 views

PT-2026-26808

The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing nonce validation on the sr minify html theme function. This makes it possible for unauthenticated attackers to update plugin settings via a forg...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References4
Kaspersky
Kaspersky
added 2026/03/12 12:0 a.m.4 views

KLA90937 OSI vulnerability in Microsoft Browser

An information disclosure vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2026-26133 Exploitation Related products Microsoft-Edge CVE list CVE-2026-26133 high Solution Install necessary updates...

7.1CVSS5.8AI score0.00433EPSS
Exploits0References3
NVD
NVD
added 2026/03/11 10:16 a.m.6 views

CVE-2026-1993

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the updatesettings function accepting arbitrary plugin setting names without a whitelist of allowed settings. This makes it possible fo...

8.8CVSS0.0038EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/11 9:25 a.m.2 views

CVE-2026-1993 ExactMetrics 7.1.0 - 9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the updatesettings function accepting arbitrary plugin setting names without a whitelist of allowed settings. This makes it possible fo...

8.8CVSS5.9AI score0.0038EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/11 9:25 a.m.28 views

CVE-2026-1993 ExactMetrics 7.1.0 - 9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the updatesettings function accepting arbitrary plugin setting names without a whitelist of allowed settings. This makes it possible fo...

8.8CVSS0.0038EPSS
Exploits0References5
CVE
CVE
added 2026/03/11 9:25 a.m.17 views

CVE-2026-1993

CVE-2026-1993 describes an vulnerability in the ExactMetrics – Google Analytics Dashboard for WordPress plugin. Affected versions 7.1.0 through 9.0.2 suffer from Improper Privilege Management: the update_settings() function accepts arbitrary plugin setting names without a whitelist of allowed nam...

8.8CVSS5.9AI score0.0038EPSS
Exploits0References5
Rows per page
Query Builder