Lucene search
K

176 matches found

NVD
NVD
added 11 hours ago5 views

CVE-2026-57756

Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...

8.5CVSS
Exploits0References1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-39667

Contributor SQL Injection in Contest Gallery = 30.0.0 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-39738

Contributor Broken Access Control in SEOPress PRO = 9.1.1 versions...

4.3CVSS5.8AI score0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.27 views

CVE-2026-27041 WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upload vulnerability

Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...

9.9CVSS0.00319EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.19 views

CVE-2025-69177 WordPress Roneous theme <= 2.1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Roneous = 2.1.5 versions...

8.1CVSS0.00474EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-36967

Subscriber Broken Access Control in RepairBuddy = 4.1132 versions...

6.5CVSS5.1AI score0.00326EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.9 views

CVE-2026-4074

The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Th...

6.4CVSS5.5AI score0.00378EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/04 1:55 p.m.6 views

WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by longnv719 in WordPress Plugin Happyforms versions = 1.26.13...

9.8CVSS5.5AI score0.00383EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/12 5:11 p.m.21 views

WordPress ilGhera Support System for WooCommerce plugin <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Woocommerce Support System versions = 1.3.0...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/21 4:35 p.m.31 views

CVE-2026-40576 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server

excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated...

9.4CVSS0.00391EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/07 3:28 a.m.3 views

WordPress WPFunnels plugin <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'wpfoptinform' Shortcode vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin WPFunnels versions = 3.7.9...

6.4CVSS5.9AI score0.00199EPSS
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/29 3:48 p.m.9 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +12 more potentially affected by CVE-2026-35640 via openclaw (>=0.0.1 <=2026.3.24)

openclaw NPM version =0.0.1, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =3.3.2, =3.3.7 Source cves: CVE-2026-35640 Source advisory: OSV:GHSA-3H52-CX59-C456...

7.5CVSS5.4AI score0.00436EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.2 views

CVE-2025-69373 WordPress VidoRev theme <= 2.9.9.9.9.9.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects VidoRev: from n/a through = 2.9.9.9.9.9.7...

7.5CVSS5.5AI score0.00397EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.3 views

CVE-2026-2502 xmlrpc attacks blocker <= 1.0 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For'

The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0, via the 'X-Forwarded-For' HTTP header. This is due to the plugin trusting and logging attacker-controlled IP header data and rendering debug log entries without outp...

6.1CVSS5.8AI score0.00265EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/18 11:34 p.m.5 views

WordPress Toret Manager plugin <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions vulnerability

Authenticated Subscriber+ Arbitrary Options Update via AJAX actions vulnerability discovered by vgo0 in WordPress Plugin Toret Manager versions = 1.2.7...

8.8CVSS5.5AI score0.00292EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/13 7:18 p.m.5 views

CVE-2026-1320

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.8AI score0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/02/02 5:16 p.m.10 views

CVE-2026-1232

A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions =25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected...

6.8CVSS0.0012EPSS
Exploits0References2
NVD
NVD
added 2026/01/22 5:16 p.m.4 views

CVE-2025-69097

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in VibeThemes WPLMS wplmsplugin allows Path Traversal.This issue affects WPLMS: from n/a through = 1.9.9.5.4...

8.6CVSS0.00479EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:16 p.m.3 views

CVE-2025-68011

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affects GLS Shipping for WooCommerce: from n/a through = 1.4.0...

7.1CVSS0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:38 p.m.6 views

CVE-2023-29440

Cross-Site Request Forgery CSRF vulnerability in PressTigers Simple Job Board plugin = 2.10.3 versions...

8.8CVSS8.5AI score0.00315EPSS
Exploits0References1
Rows per page
Query Builder