
20 matches found

CVE
added 5 days ago, 12 views

CVE-2026-52701

CVE-2026-52701 is an unauthenticated broken access control vulnerability affecting WordPress User Registration plugin versions

CVSS 6.5 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 1

CVE
added 2026/05/28 5:00 a.m., 26 views

CVE-2026-9673

CVE-2026-9673 affects json-2-csv versions 3.15.0 and earlier up to 5.5.11, vulnerable to CSV Injection via the preventCsvInjection option, which can be bypassed. An attacker can inject formulas into CSV files that execute when opened in spreadsheet apps. The SNYK entry describes a PoC and recomme...

CVSS 7 | AI score 5.9 | EPSS 0.00166
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/08 8:30 a.m., 1 view

CVE-2026-39682 WordPress linkPizza-Manager plugin <= 5.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects linkPizza-Manager: from n/a through <= 5.5.5...

AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/19 8:26 a.m., 3 views

CVE-2026-25368 WordPress Calculated Fields Form plugin <= 5.4.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Calculated Fields Form: from n/a through <= 5.4.4.1...

CVSS 6.5 | AI score 5.4 | EPSS 0.00248
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/12 2:23 a.m., 3 views

CVE-2026-1537

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...

CVSS 5.3 | AI score 5.5 | EPSS 0.00244
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/10 3:13 p.m., 5 views

CVE-2025-63069

Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ivory Search: from n/a through = 5.5.12...

CVSS 5.3 | AI score 7 | EPSS 0.00289
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/05 9:27 a.m., 3 views

CVE-2025-12876 Projectopia – WordPress Project Management <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ptodeletefile AJAX action in all versions up to, and including, 5.1.19. This makes it possible for unauthenticated attackers to delete...

CVSS 5.3 | AI score 5.1 | EPSS 0.00286
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/29 4:02 a.m., 4 views

CVE-2025-57931 WordPress Popup box plugin <= 5.5.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through 5.5.4...

CVSS 5.3 | AI score 6.5 | EPSS 0.00125
Exploits: 0 | References: 1

CVE
added 2025/10/22 2:32 p.m., 9 views

CVE-2025-62042

CVE-2025-62042 is a Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Event post” (event-post) affecting versions up to and including 5.10.3. The issue stems from improper input neutralization during web page generation, enabling an attacker to inject malicious scripts. Exploitati...

CVSS 6.5 | AI score 6 | EPSS 0.0016
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:07 p.m., 7 views

EUVD-2025-27956

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.6 | EPSS 0.00224
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/03 11:17 a.m., 6 views

CVE-2025-7721 JoomSport <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.7.3 via the task parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the...

CVSS 9.8 | AI score 7 | EPSS 0.00621
Exploits: 0 | References: 3

RedhatCVE
added 2025/09/05 3:22 p.m., 6 views

CVE-2025-58625

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS. This issue affects WP Flow Plus: from n/a through = 5.2.5...

CVSS 5.9 | AI score 5.9 | EPSS 0.00165
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/08 1:19 p.m., 17 views

CVE-2025-30997

Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services car-repair-services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through = 5.0...

CVSS 5.4 | AI score 6.1 | EPSS 0.00214
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:06 a.m., 11 views

CVE-2024-30530

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Stored XSS. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1...

CVSS 6.5 | AI score 8.6 | EPSS 0.00337
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:54 a.m., 9 views

CVE-2024-0829

The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscribe...

CVSS 4.3 | AI score 6.5 | EPSS 0.00533
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:04 a.m., 4 views

CVE-2023-46639

Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects kk Star Ratings: from n/a through 5.4.5...

CVSS 5.3 | AI score 8.5 | EPSS 0.0034
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/29 12:32 a.m., 18 views

CVE-2025-25686

semcms =5.0 is vulnerable to SQL Injection in SEMCMSFuction.php...

CVSS 9.8 | AI score 8.4 | EPSS 0.00475
Exploits: 1 | References: 1

ATTACKERKB
added 2025/01/16 8:15 p.m., 2 views

CVE-2025-23627

Cross-Site Request Forgery (CSRF) vulnerability in frenchsquared Comment-Emailer comment-emailer allows Stored XSS. This issue affects Comment-Emailer: from n/a through = 1.0.5...

AI score 7.2 | EPSS 0.00158
Exploits: 0 | References: 3

VulnCheck KEV
added 2024/05/03 12:00 a.m., 4 views

VulnCheck KEV: CVE-2023-40000

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 5.7...

CVSS 8.3 | AI score 7.4 | EPSS 0.54872
Exploits: 5 | References: 1

ATTACKERKB
added 2022/10/12 9:15 p.m., 3 views

CVE-2022-41136

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin = 5.12.0 on WordPress...

CVSS 8.8 | AI score 5.8 | EPSS 0.00293
Exploits: 0 | References: 3 | Affected Software: 1