Lucene search
K

43 matches found

CVE
CVE
added 5 days ago5 views

CVE-2026-6802

The CVE-2026-6802 entry concerns the WordPress plugin Easy Upload Files During Checkout, affected up to version 3.0.1. The vulnerability stems from missing authorization checks in the ufdc_custom_init() function, which processes the eufdc-delete parameter without nonce verification, capability ch...

5.3CVSS6.2AI score0.00243EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.36 views

CVE-2026-57747 WordPress Booked plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...

6.5CVSS0.00124EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:30 a.m.15 views

CVE-2026-39665

The CVE describes a DOM-Based XSS vulnerability in the WordPress plugin SEO Friendly Images (seo-image) by Vladimir Prelovac, affecting versions from n/a up to 3.0.5. Root cause: Improper neutralization of input during web page generation. Impact stated across sources as cross-site scripting acce...

6.5CVSS5.9AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/06 6:45 a.m.31 views

CVE-2026-5632 assafelovic gpt-researcher HTTP REST API Endpoint missing authentication

A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...

7.5CVSS0.00414EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/19 8:27 a.m.32 views

CVE-2026-25372 WordPress Academy LMS plugin <= 3.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.5.3...

6.5CVSS0.00212EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 1:15 a.m.5 views

CVE-2026-1412

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

9.8CVSS5.6AI score0.03946EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.7 views

PT-2026-1779

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.8 Description A remote OS command injection issue exists in the SessionController function within the /isomp-protocol/protocol/session file of the software. Manipulation of...

7.5CVSS7.7AI score0.05577EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.11 views

CVE-2023-4716

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mlagallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00474EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/08 9:17 a.m.5 views

CVE-2025-67917 WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through = 3.2.6...

6.5CVSS6.6AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2025/12/31 5:15 p.m.10 views

CVE-2025-62078

Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout easy-upload-files-during-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through = 3.0.0...

4.3CVSS0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/31 4:33 p.m.6 views

CVE-2025-62101 WordPress Pardakht Delkhah plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Omid Shamloo Pardakht Delkhah allows Cross Site Request Forgery.This issue affects Pardakht Delkhah: from n/a through 3.0.0...

4.3CVSS6.5AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/19 1:9 p.m.7 views

CVE-2025-14437

The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...

7.5CVSS6AI score0.01986EPSS
Exploits0References1
CVE
CVE
added 2025/12/19 9:29 a.m.18 views

CVE-2025-14455

CVE-2025-14455 affects Image Photo Gallery Final Tiles Grid for WordPress. Public details in Wordfence report show an authenticated-by-design authorization bypass (Contributor+ and above) for gallery management actions, enabling deletion/modification/cloning of any user galleries. A fix exists in...

5.4CVSS5.5AI score0.00251EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/18 12:22 p.m.7 views

EUVD-2025-204263

The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...

7.5CVSS5.5AI score0.01986EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.4 views

CVE-2025-13846 Easy Map Creator <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Easy Map Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

6.4CVSS4.7AI score0.00237EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.5 views

CVE-2025-13972 WatchTowerHQ <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter

The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'whtdownloadbigobjectorigin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handlebigobjectdownloadrequest function. This makes it possible for...

4.9CVSS5.5AI score0.00464EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/06 5:49 a.m.5 views

CVE-2025-12577 Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Listing Update

The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/listar/v1/place/save' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...

4.3CVSS4.8AI score0.00164EPSS
Exploits0References2
CVE
CVE
added 2025/11/13 9:24 a.m.11 views

CVE-2025-64262

CVE-2025-64262 is a CSRF vulnerability in the WordPress plugin Auto Prune Posts (versions

6.5CVSS6.5AI score0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/27 1:33 a.m.3 views

CVE-2025-62911 WordPress Rock Convert plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rock Content Rock Convert rock-convert allows Stored XSS.This issue affects Rock Convert: from n/a through = 3.0.1...

6.5CVSS5.6AI score0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.12 views

CVE-2025-49913 WordPress CoSchedule plugin <= 3.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoSchedule: from n/a through = 3.4.0...

5.3CVSS0.00317EPSS
Exploits0References1
Rows per page
Query Builder