Lucene search
+L

461 matches found

Cvelist
Cvelist
added 2026/04/02 7:39 a.m.35 views

CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS0.00956EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 7:39 a.m.4 views

CVE-2026-5032

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS6.4AI score0.00956EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/02 7:39 a.m.1 views

CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS5.8AI score0.00956EPSS
Exploits0References3
CVE
CVE
added 2026/04/02 7:39 a.m.25 views

CVE-2026-5032

CVE-2026-5032 affects the WordPress plugin W3 Total Cache (versions

7.5CVSS6.4AI score0.00956EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/04/02 7:21 a.m.6 views

WordPress W3 Total Cache plugin <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header vulnerability

Unauthenticated Security Token Exposure via User-Agent Header vulnerability discovered by wesley wcraft in WordPress Plugin W3 Total Cache versions = 2.9.3...

7.5CVSS5.9AI score0.00956EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.10 views

WordPress plugin W3 Total Cache 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.8AI score0.00956EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/30 1:3 p.m.17 views

WordPress Blackhole for Bad Bots plugin <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header vulnerability

Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header vulnerability discovered by Huynh Pham Thanh Luc in WordPress Plugin Blackhole for Bad Bots versions = 3.8...

7.2CVSS5.9AI score0.00315EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.8 views

SUSE CVE-2026-25783

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

4.3CVSS5.9AI score0.00285EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.5 views

CVE-2026-4329

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield when capturing bot data which...

7.2CVSS6AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.5 views

CVE-2026-25783

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 6:30 a.m.11 views

EUVD-2026-16102

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield when capturing bot data which...

7.2CVSS6AI score0.00315EPSS
Exploits0References13
NVD
NVD
added 2026/03/26 5:16 a.m.7 views

CVE-2026-4329

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield when capturing bot data which...

7.2CVSS0.00315EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/03/26 3:37 a.m.37 views

CVE-2026-4329 Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield when capturing bot data which...

7.2CVSS0.00315EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/03/26 3:37 a.m.2 views

CVE-2026-4329 Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield when capturing bot data which...

7.2CVSS6AI score0.00315EPSS
Exploits0References12
CVE
CVE
added 2026/03/26 3:37 a.m.29 views

CVE-2026-4329

The CVE-2026-4329 entry concerns the WordPress plugin “Blackhole for Bad Bots” (versions

7.2CVSS6AI score0.00315EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/03/26 3:37 a.m.3 views

CVE-2026-4329

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield when capturing bot data which...

7.2CVSS6AI score0.00315EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.14 views

PT-2026-28202

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize text field when capturing bot data whic...

7.2CVSS6AI score0.00315EPSS
Exploits0References13
EUVD
EUVD
added 2026/03/19 3:31 p.m.5 views

EUVD-2026-13111

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

5.8AI score0.00259EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/16 3:30 p.m.11 views

Improper Validation of Specified Type of Input

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to improper validation of User-Agent header tokens. An attacker can trigger a panic in the...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2026-12416

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References2
Rows per page
Query Builder