Lucene search
K

24 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/03 7:53 a.m.6 views

CVE-2026-11778

The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...

5.4CVSS6.3AI score0.00255EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.44 views

CVE-2026-8685 Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

6.5CVSS0.00359EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.7 views

PT-2026-33255

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...

4.3CVSS5.8AI score0.00317EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/04 11:16 a.m.2 views

CVE-2025-14938

The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and including, 2.0.27 via the "listeocorehandledroppedmedia" function. This is due to missing authorization and capability checks on the AJAX endpoint handling file uploads. This...

5.3CVSS6.1AI score0.00304EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:41 a.m.1 views

CVE-2026-32343

Cross-Site Request Forgery CSRF vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery.This issue affects Easy Table of Contents: from n/a through = 2.0.80...

5.8AI score0.00107EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.5 views

CVE-2026-24997

Missing Authorization vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-volunteer-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wired Impact Volunteer Management: from n/a through = 2.8...

5.3CVSS5.3AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.10 views

CVE-2023-45752

Cross-Site Request Forgery CSRF vulnerability in 10 Quality Post Gallery plugin = 2.3.12 versions...

8.8CVSS7.1AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.6 views

CVE-2025-23897

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ivobrett Apply with LinkedIn buttons apply-with-linkedin-buttons allows DOM-Based XSS.This issue affects Apply with LinkedIn buttons: from n/a through = 2.3...

6.5CVSS7.2AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 11:7 p.m.6 views

CVE-2025-67749

PCSX2 is a free and open-source PlayStation 2 PS2 emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory...

5.3CVSS6.5AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 5:33 p.m.4 views

CVE-2025-60202

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through = 2.3.6...

7.5CVSS7.1AI score0.0042EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/22 3:31 p.m.7 views

EUVD-2025-35517

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jonatan Jumbert WPCode Content Ratio wpcode-content-ratio allows Reflected XSS.This issue affects WPCode Content Ratio: from n/a through = 2.0...

5.9AI score0.00283EPSS
Exploits0References2
CVE
CVE
added 2025/09/22 6:22 p.m.11 views

CVE-2025-58703

CVE-2025-58703: Stored XSS in Skyword API Plugin (WordPress) affecting Skyword API Plugin versions up to 2.5.3. Impact per CVSS: NETWORK attack, Low to Low confidentiality/integrity/availability, UI interaction required. Connected sources indicate the issue is currently Unpatched (no public fix d...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/09 3:53 p.m.7 views

CVE-2025-48141 WordPress Multi CryptoCurrency Payments <= 2.0.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alex Zaytseff Multi CryptoCurrency Payments allows SQL Injection. This issue affects Multi CryptoCurrency Payments: from n/a through 2.0.3...

9.3CVSS7.9AI score0.00284EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/09 3:53 p.m.21 views

CVE-2025-48141 WordPress Multi CryptoCurrency Payments plugin <= 2.0.7 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alex Zaytseff Multi CryptoCurrency Payments multi-crypto-currency-payment allows SQL Injection.This issue affects Multi CryptoCurrency Payments: from n/a through = 2.0.7...

9.3CVSS0.00284EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 12:54 p.m.26 views

CVE-2025-49445 WordPress Interactive UK Regional Map plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP Map Plugins Interactive UK Regional Map interactive-uk-regional-map allows Cross Site Request Forgery.This issue affects Interactive UK Regional Map: from n/a through = 2.0...

4.3CVSS0.00128EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:7 a.m.8 views

CVE-2023-52136

Cross-Site Request Forgery CSRF vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: from n/a through 2.1.2...

8.8CVSS8.5AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:22 a.m.9 views

CVE-2023-34179

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11...

7.6CVSS7.8AI score0.00675EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:54 a.m.5 views

CVE-2023-46151

Cross-Site Request Forgery CSRF vulnerability in AWESOME TOGI Product Category Tree plugin = 2.5 versions...

8.8CVSS7.1AI score0.00271EPSS
Exploits0
Cvelist
Cvelist
added 2025/01/16 8:6 p.m.15 views

CVE-2025-23547 WordPress LH Login Page plugin <= 2.14 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shawfactor LH Login Page lh-login-page allows Reflected XSS.This issue affects LH Login Page: from n/a through = 2.14...

7.1CVSS0.00397EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.4 views

PT-2025-5081 · Wpbakery · Gmaps For Wpbakery Page Builder

Name of the Vulnerable Software and Affected Versions: GMAPS for WPBakery Page Builder Free versions n/a through 1.2 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means that an attacker can...

6.5CVSS9.1AI score0.00354EPSS
Exploits0References3
Rows per page
Query Builder