Lucene search
K

265 matches found

EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42686

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS6AI score0.00525EPSS
Exploits0References8
NVD
NVD
added 6 days ago8 views

CVE-2026-11571

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

7.5CVSS0.00256EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-11571

The CVE concerns the Everest Forms WordPress plugin prior to version 3.5.0. It does not reliably delete temporary CSV files created during email-notification processing, leaving them publicly accessible in the uploads directory. This enables unauthenticated attackers to retrieve other users’ form...

7.5CVSS6AI score0.00256EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42508

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

7.5CVSS6AI score0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-11571 Everest Forms < 3.5.0 - Unauthenticated Sensitive Information Exposure via Residual CSV Artifacts

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 1:32 p.m.6 views

EUVD-2026-42041

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS6.7AI score0.00646EPSS
Exploits0References10
NVD
NVD
added 2026/07/07 6:16 a.m.9 views

CVE-2026-10834

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

4.6CVSS0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/07 6:0 a.m.36 views

CVE-2026-10834 WP Travel Engine < 6.8.1 - Subscriber+ Arbitrary Media File Move via user_profile_image

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 6:0 a.m.7 views

EUVD-2026-42010

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

6AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 6:0 a.m.18 views

CVE-2026-10834

The CVE covers the WP Travel Engine WordPress plugin (pre-6.8.1) where input validation for a user-supplied profile image path is insufficient before the file is moved. The vulnerability allows authenticated users with subscriber-level access or higher to relocate arbitrary files within the WordP...

4.6CVSS6AI score0.00142EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56146

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.8.1 Description Authenticated users with subscriber-level access and above can relocate arbitrary files within the WordPress uploads directory into their own profile-image path. This occurs because the plug...

4.6CVSS6.2AI score0.00142EPSS
Exploits0References5
NVD
NVD
added 2026/07/02 1:17 p.m.12 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS0.00542EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 12:34 p.m.8 views

EUVD-2026-41368

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS6AI score0.00542EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 3:43 a.m.7 views

EUVD-2026-40895

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References10
CVE
CVE
added 2026/07/01 3:43 a.m.17 views

CVE-2026-12902

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor (WordPress) contains an authorization bypass in all versions up to 3.7.7. Authenticated attackers with contributor-level access can create arbitrary Media Library attachments by downloading remote images into the uploads directory via wp_...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:43 a.m.7 views

CVE-2026-12902

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/30 11:19 a.m.8 views

EUVD-2026-40293

An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application fails to validate file extensions and MIME types, permitting the upload of...

9.3CVSS6.1AI score0.00488EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/30 11:19 a.m.6 views

CVE-2026-53691 Remote Code Execution in Redeight CMS

An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application fails to validate file extensions and MIME types, permitting the upload of...

8.6CVSS6.1AI score0.00488EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 11:19 a.m.37 views

CVE-2026-53691 Remote Code Execution in Redeight CMS

An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application fails to validate file extensions and MIME types, permitting the upload of...

8.6CVSS0.00488EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.6 views

CVE-2026-9612

The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdevgenerateorderpdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...

5.3CVSS5.9AI score0.00308EPSS
Exploits0References8
Rows per page
Query Builder