873 matches found

ATTACKERKB
added 2 days ago, 5 views

CVE-2026-11778

The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...

CVSS 5.4, AI score 6.3, EPSS 0.00255
Exploits 0, References 5
Cvelist
added 3 days ago, 34 views

CVE-2026-57747 WordPress Booked plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions...

CVSS 6.5, EPSS 0.00124
Exploits 0, References 1
CVE
added 3 days ago, 6 views

CVE-2026-57682

The CVE-2026-57682 entry affects the WordPress plugin “Simple Link Directory” version ≤ 15.0.5, with an unauthenticated Cross Site Scripting (XSS) vulnerability. The connected records confirm the vulnerability type (XSS) and affected version, but do not provide concrete root-cause details, exploi...

CVSS 7.1, AI score 5.8, EPSS 0.00191
Exploits 0, References 1
Cvelist
added 3 days ago, 33 views

CVE-2026-42382 WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Audrey <= 1.5 versions...

CVSS 8.1, EPSS 0.00303
Exploits 0, References 1
Cvelist
added 3 days ago, 33 views

CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom_thumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 4.4, EPSS 0.00263
Exploits 0, References 8
CVE
added 6 days ago, 9 views

CVE-2026-57332

The CVE affects the WordPress Wallet System for WooCommerce plugin, specifically versions

CVSS 7.1, AI score 5.8, EPSS 0.00256
Exploits 0, References 1
Positive Technologies
added 6 days ago, 8 views

PT-2026-53292

Name of the Vulnerable Software and Affected Versions: Paid Videochat Turnkey Site versions 7.4.8 and earlier. Description: An issue exists that allows a performer to perform arbitrary file deletion within the system. Recommendations: At the moment, there is no information about a newer version that...

CVSS 9.9, AI score 5.9, EPSS 0.00344
Exploits 0, References 4
EUVD
added 2026/06/26 3:32 p.m., 4 views

EUVD-2026-39778

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

CVSS 6.8, AI score 5.8, EPSS 0.00325
Exploits 0, References 2
NVD
added 2026/06/26 3:16 p.m., 5 views

CVE-2026-57635

Unauthenticated Cross Site Request Forgery CSRF in FunnelKit Payment Gateway for Stripe WooCommerce = 1.14.0.3 versions...

CVSS 6.5, EPSS 0.00123
Exploits 0, References 1
EUVD
added 2026/06/26 2:53 p.m., 7 views

EUVD-2026-39764

Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...

CVSS 4.3, AI score 5.8, EPSS 0.00213
Exploits 0, References 1
Cvelist
added 2026/06/26 2:53 p.m., 34 views

CVE-2026-57646 WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions...

CVSS 5.4, EPSS 0.00181
Exploits 0, References 1
EUVD
added 2026/06/26 2:52 p.m., 6 views

EUVD-2026-39694

Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...

CVSS 8.1, AI score 5.8, EPSS 0.00317
Exploits 0, References 1
CVE
added 2026/06/26 2:52 p.m., 13 views

CVE-2026-52701

CVE-2026-52701 is an unauthenticated broken access control vulnerability affecting WordPress User Registration plugin versions

CVSS 6.5, AI score 5.8, EPSS 0.00194
Exploits 0, References 1
EUVD
added 2026/06/25 1:12 p.m., 4 views

EUVD-2026-39384

Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...

CVSS 7.1, AI score 5.8, EPSS 0.0018
Exploits 0, References 1
Patchstack
added 2026/06/24 8:38 a.m., 7 views

WordPress WP Forms Connector plugin <= 1.8 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions <= 1.8...

CVSS 7.5, AI score 6, EPSS 0.00376
Exploits 0, References 1, Affected Software 1
NVD
added 2026/06/17 2:17 p.m., 10 views

CVE-2025-60230

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

CVSS 9.8, EPSS 0.00426
Exploits 0, References 1
NVD
added 2026/06/17 1:20 p.m., 8 views

CVE-2026-22329

Unauthenticated Cross Site Scripting XSS in Skillate = 1.2.10 versions...

CVSS 7.1, EPSS 0.00186
Exploits 0, References 1
NVD
added 2026/06/17 1:19 p.m., 11 views

CVE-2025-69125

Unauthenticated Local File Inclusion in Food Drop = 1.3 versions...

CVSS 8.1, EPSS 0.00348
Exploits 0, References 1
Cvelist
added 2026/06/17 12:47 p.m., 28 views

CVE-2026-40738 WordPress Eldon theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions...

CVSS 8.1, EPSS 0.00308
Exploits 0, References 1
Cvelist
added 2026/06/16 8:57 p.m., 19 views

CVE-2026-40759 WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Esmée <= 1.4 versions...

CVSS 8.1, EPSS 0.0032
Exploits 0, References 1