1763 matches found

NVD
added yesterday | 6 views

CVE-2026-12133

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...

CVSS 4.3 | EPSS 0.0025
Exploits 0 | References 10
NVD
added 3 days ago | 8 views

CVE-2026-57328

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

CVSS 6.5 | EPSS 0.00211
Exploits 0 | References 1
Patchstack
added 3 days ago | 5 views

WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ads by WPQuads versions <= 3.0.3...

CVSS 6.5 | AI score 5.8 | EPSS 0.00229
Exploits 0 | Affected Software 1
NVD
added 5 days ago | 12 views

CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

CVSS 4.3 | EPSS 0.00271
Exploits 0 | References 14
NVD
added 6 days ago | 8 views

CVE-2026-57631

Administrator SQL Injection in Popup box = 6.0.1 versions...

CVSS 7.6 | EPSS 0.00279
Exploits 0 | References 1
NVD
added 6 days ago | 5 views

CVE-2026-52701

Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...

CVSS 6.5 | EPSS 0.00194
Exploits 0 | References 1
EUVD
added 6 days ago | 5 views

EUVD-2026-39763

Contributor Broken Access Control in Nelio Content = 4.3.4 versions...

CVSS 4.3 | AI score 5.8 | EPSS 0.00152
Exploits 0 | References 1
EUVD
added 6 days ago | 5 views

EUVD-2026-39757

Contributor SQL Injection in Gallery = 4.7.8 versions...

CVSS 8.5 | AI score 5.8 | EPSS 0.00211
Exploits 0 | References 1
CVE
added 6 days ago | 10 views

CVE-2026-57618

CVE-2026-57618 describes a Cross Site Scripting (XSS) vulnerability in the WordPress plugin/theme set for Neve PRO, affecting versions ≤ 3.1.2. The initial data specifies Neve PRO

CVSS 6.5 | AI score 5.8 | EPSS 0.00161
Exploits 0 | References 1
Cvelist
added 6 days ago | 32 views

CVE-2026-56057 WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions...

CVSS 9.8 | EPSS 0.00426
Exploits 0 | References 1
EUVD
added 6 days ago | 4 views

EUVD-2026-39705

Unauthenticated Cross Site Scripting XSS in Blog2Social = 8.9.2 versions...

CVSS 7.1 | AI score 5.8 | EPSS 0.0018
Exploits 0 | References 1
Cvelist
added 6 days ago | 31 views

CVE-2026-56039 WordPress Quick Interest Slider plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Quick Interest Slider <= 3.1.6 versions...

CVSS 7.1 | EPSS 0.0018
Exploits 0 | References 1
CVE
added 6 days ago | 8 views

CVE-2026-56030

CVE-2026-56030 affects WordPress Paytium plugin (versions

CVSS 9.8 | AI score 5.8 | EPSS 0.00331
Exploits 0 | References 1
CVE
added 6 days ago | 9 views

CVE-2025-63078

The CVE-2025-63078 entry concerns the WordPress plugin “Restaurant Menu by MotoPress” (MotoPress) <= 2.4.11. Affected component is the plugin’s access control mechanism, with root cause described as Broken Access Control. The vulnerability is reported to affect users of the plugin in WordPress...

CVSS 4.3 | AI score 5.8 | EPSS 0.00243
Exploits 0 | References 1
Patchstack
added 6 days ago | 5 views

WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin Fluent Booking versions <= 2.1.0...

CVSS 6.5 | AI score 5.8 | EPSS 0.00161
Exploits 0 | Affected Software 1
Positive Technologies
added 6 days ago | 11 views

PT-2026-52832

Name of the Vulnerable Software and Affected Versions: Contest Gallery versions prior to 30.0.1. Description: A SQL Injection issue exists that allows attackers with contributor-level permissions to execute unauthorized database queries remotely. Recommendations: Update to a version newer than 30.0.0...

CVSS 8.5 | AI score 5.9 | EPSS 0.00211
Exploits 0 | References 3
NVD
added last week | 4 views

CVE-2026-54838

Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...

CVSS 8.5 | EPSS 0.0027
Exploits 0 | References 1
Positive Technologies
added 2026/06/25 12:0 a.m. | 13 views

PT-2026-52431

Name of the Vulnerable Software and Affected Versions: Post Snippets versions prior to 4.0.20. Description: Remote attackers with contributor-level permissions can execute arbitrary code on the server. Recommendations: Update Post Snippets to version 4.0.20 or later...

CVSS 8.5 | AI score 6.2 | EPSS 0.00351
Exploits 0 | References 3
Patchstack
added 2026/06/24 2:55 p.m. | 7 views

WordPress Gutenverse Form plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hivesec in WordPress Plugin Gutenverse Form versions <= 2.4.7...

CVSS 7.1 | AI score 5.8 | EPSS 0.0018
Exploits 0 | Affected Software 1
NVD
added 2026/06/24 7:16 a.m. | 10 views

CVE-2026-8622

The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Server Variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1 | EPSS 0.00168
Exploits 0 | References 2