Lucene search
K

41 matches found

Cvelist
Cvelist
added 2026/06/17 9:51 a.m.31 views

CVE-2026-54185 WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability

Subscriber SQL Injection in Cornerstone 7.8.8 versions...

8.5CVSS0.00342EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/09 12:45 p.m.8 views

WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Stefano in WordPress Plugin Coupon Affiliates versions = 7.8.1...

7.5CVSS5.5AI score0.00386EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/02 1:29 p.m.9 views

WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by kai63001 in WordPress Plugin GamiPress versions = 7.8.7...

8.5CVSS5.9AI score0.00332EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/04/23 3:37 p.m.6 views

CVE-2026-41460

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...

9.8CVSS0.00972EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.9 views

CVE-2025-12500

The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the...

5.3CVSS5.5AI score0.00328EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.26 views

CVE-2025-13930 Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 7.8.5. This is due to the plugin not properly verifying that a user is authorized to delete an attachment combined with flawed guest order...

5.3CVSS0.00407EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.9 views

PT-2026-20584

Name of the Vulnerable Software and Affected Versions Checkout Field Manager Checkout Manager for WooCommerce versions prior to 7.8.2 Description The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is susceptible to unauthenticated limited file upload. This is caused ...

5.3CVSS5.2AI score0.00328EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-6243

Name of the Vulnerable Software and Affected Versions Hustle versions through 7.8.9.2 Description A flaw exists in the wordpress-popup component of WPMU DEV - Your All-in-One WordPress Platform Hustle that allows the retrieval of embedded sensitive data. This could lead to an exposure of sensitiv...

5.3CVSS5.4AI score0.00197EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/31 4:35 a.m.6 views

EUVD-2025-206596

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References2
NVD
NVD
added 2026/01/15 10:16 p.m.4 views

CVE-2025-67822

A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 7.3.0.0.50 through 7.8 SP1 7.8.1.0.14 could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gai...

9.4CVSS0.00373EPSS
Exploits0References2
OSV
OSV
added 2026/01/13 11:15 p.m.4 views

CVE-2021-47750

YouPHPTube = 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they...

6.1CVSS5.5AI score
Exploits0References3
NVD
NVD
added 2025/12/24 1:16 p.m.6 views

CVE-2025-68600

Server-Side Request Forgery SSRF vulnerability in Yannick Lefebvre Link Library link-library allows Server Side Request Forgery.This issue affects Link Library: from n/a through = 7.8.7...

4.9CVSS0.00119EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/20 12:0 a.m.11 views

PT-2025-52551

Name of the Vulnerable Software and Affected Versions WP JobHunt plugin for WordPress versions prior to 7.8 Description The WP JobHunt plugin for WordPress is susceptible to unauthorized data modification. A missing capability check within the cs update application status callback function allows...

7.6CVSS5.5AI score0.00189EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/12/20 12:0 a.m.9 views

PT-2025-52550

Name of the Vulnerable Software and Affected Versions WP JobHunt plugin for WordPress versions prior to 7.8 Description The WP JobHunt plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This affects versions up to and including 7.7, stemming from a lack of validatio...

4.3CVSS6AI score0.00171EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.6 views

WordPress plugin WooCommerce 信息泄露漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WooCommerce, which stems...

5.3CVSS5.7AI score0.00303EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/24 1:35 p.m.13 views

CVE-2025-60206

Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through = 7.8.3...

10CVSS5.9AI score0.00482EPSS
Exploits0References1
CVE
CVE
added 2025/10/22 2:32 p.m.18 views

CVE-2025-60206

CVE-2025-60206 refers to a code injection vulnerability in Bearsthemes WordPress Alone theme (Alone) that enables remote code execution. Affected: Alone theme versions up to and including 7.8.3. Root cause: improper control of code generation leading to code injection. Impact: high severity with ...

10CVSS5.9AI score0.00482EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.5 views

WordPress plugin SUMO Memberships for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. The WordPress plugin...

7.1CVSS6.6AI score0.00123EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/26 9:31 a.m.5 views

WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...

5.3CVSS6.8AI score0.00234EPSS
Exploits0References4Affected Software1
HackRead
HackRead
added 2025/09/25 10:36 a.m.8 views

Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems

Urgent warning for Fortra GoAnywhere MFT users. A CVSS 10.0 deserialization vulnerability CVE-2025-10035 in the License Servlet allows command injection. Patch to v7.8.4 immediately to prevent system takeover...

10CVSS7.3AI score0.99614EPSS
Exploits2
Rows per page
Query Builder