74 matches found

NVD | added 2026/06/24 7:16 a.m. | 10 views
CVE-2026-8622
The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the PHP_SELF server variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVSS 6.1 | EPSS 0.00168 | Exploits 0 | References 2

EUVD | added 2026/06/15 8:19 p.m. | 7 views
EUVD-2026-36887
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot versions <= 1.3.7...
CVSS 9.8 | AI score 5.3 | EPSS 0.00383 | Exploits 0 | References 1

RedhatCVE | added 2026/06/05 7:33 p.m. | 8 views
CVE-2026-9014
The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetstats function in versions up to, and including, 1.3. The function is hooked to both the wp_ajax_wpp-resetstats and wp_ajax_nopriv_wpp-resetstats actions and contains n...
CVSS 5.3 | AI score 5.5 | EPSS 0.00268 | Exploits 0 | References 1

Patchstack | added 2026/05/19 12:07 p.m. | 12 views
WordPress Remove Yellow BGBOX plugin <= 1.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Remove Yellow BGBOX versions <= 1.0...
CVSS 4.3 | AI score 5.8 | EPSS 0.00158 | Exploits 0 | References 1 | Affected Software 1

Positive Technologies | added 2026/05/12 12:00 a.m. | 15 views
PT-2026-39948
The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr review AJAX handler lacks both capability checks and nonce verification. The only access control is an is_user_logged_in...
CVSS 4.3 | AI score 5.8 | EPSS 0.00271 | Exploits 0 | References 8

Patchstack | added 2026/05/11 7:07 p.m. | 16 views
WordPress Next Date plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Next Date versions <= 1.0...
CVSS 6.4 | AI score 5.8 | EPSS 0.00187 | Exploits 0 | References 1 | Affected Software 1

CVE | added 2026/04/21 2:25 a.m. | 15 views
CVE-2026-6674
The CVE refers to the WordPress plugin "Plugin: CMS für Motorrad Werkstätten", affected through all versions up to and including 1.0.0. The root cause is insufficient escaping of the user-supplied arthtype parameter and lack of proper SQL query preparation, resulting in SQL Injection. The impact ...
CVSS 6.5 | AI score 5.8 | EPSS 0.00324 | Exploits 0 | References 5

Patchstack | added 2026/04/20 11:08 a.m. | 5 views
WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Ashtanga versions <= 1.2...
AI score 5.8 | EPSS 0.0032 | Exploits 0 | Affected Software 1

EUVD | added 2026/04/16 9:31 a.m. | 4 views
EUVD-2025-209493
The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the...
CVSS 8.8 | AI score 5.7 | EPSS 0.00412 | Exploits 0 | References 3

Cvelist | added 2026/04/05 1:15 a.m. | 31 views
CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection
A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sandbox_and_execute of the file scrapegraphai/nodes/generate_code_node.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...
CVSS 7.5 | EPSS 0.01449 | Exploits 0 | References 4

RedhatCVE | added 2026/03/26 3:02 p.m. | 4 views
CVE-2026-32299
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...
CVSS 7.5 | AI score 5.8 | EPSS 0.00268 | Exploits 0 | References 1

CVE | added 2026/03/19 8:34 a.m. | 11 views
CVE-2026-25438
The CVE describes a Reflected XSS in the WordPress Gutenberg Blocks "Unlimited blocks for Gutenberg" plugin, affecting versions up to and including 1.2.8. The root cause is improper neutralization of input during web page generation. The affected component is the WordPress Gutenberg Blocks integr...
CVSS 7.1 | AI score 5.9 | EPSS 0.00149 | Exploits 0 | References 1

Cvelist | added 2026/03/05 5:53 a.m. | 28 views
CVE-2026-27341 WordPress TopScorer - Sports WordPress Theme theme <= 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion. This issue affects TopScorer - Sports WordPress Theme: from n/a through <= 1.2...
CVSS 8.1 | EPSS 0.00415 | Exploits 0 | References 1

RedhatCVE | added 2026/02/25 4:06 a.m. | 7 views
CVE-2026-25501
free5GC SMF provides the Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics due to a nil pointer dereference and the SMF process terminates. This is triggered by a malformed PFCP...
CVSS 8.7 | AI score 5.3 | EPSS 0.0031 | Exploits 1 | References 1

NVD | added 2026/02/20 4:22 p.m. | 3 views
CVE-2025-53231
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevstudio Easy Taxonomy Images easy-taxonomy-images allows Stored XSS. This issue affects Easy Taxonomy Images: from n/a through <= 1.0.1...
CVSS 7.1 | EPSS 0.00263 | Exploits 0 | References 1

Cvelist | added 2026/02/20 3:46 p.m. | 27 views
CVE-2025-67970 WordPress Schedula plugin <= 1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in vertim Schedula schedula-smart-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Schedula: from n/a through <= 1.0...
CVSS 5.9 | EPSS 0.00293 | Exploits 0 | References 1

Positive Technologies | added 2026/02/20 12:00 a.m. | 5 views
PT-2026-21148
Name of the Vulnerable Software and Affected Versions: TeconceTheme Emerce Core versions through 1.8. Description: A flaw exists in TeconceTheme Emerce Core that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This issue affects the emerce-core...
AI score 5.7 | EPSS 0.00372 | Exploits 0 | References 3

Positive Technologies | added 2026/02/20 12:00 a.m. | 9 views
PT-2026-21147
Name of the Vulnerable Software and Affected Versions: TeconceTheme Uroan Core versions through 1.4.4. Description: A flaw exists in TeconceTheme Uroan Core that allows for Blind SQL Injection. This is due to improper neutralization of special elements used in an SQL command. Recommendations: Update...
AI score 5.6 | EPSS 0.00283 | Exploits 0 | References 3

Patchstack | added 2026/02/11 11:56 p.m. | 6 views
WordPress WP Server Log Viewer <= 1.0 - Stored Cross Site Scripting vulnerability
Stored Cross Site Scripting vulnerability discovered by strider in WordPress Plugin WP Server Log Viewer versions <= 1.0...
CVSS 6.4 | AI score 5.4 | EPSS 0.00184 | Exploits 0 | References 1 | Affected Software 1

NVD | added 2026/02/11 9:15 a.m. | 16 views
CVE-2026-1748
The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access...
CVSS 4.3 | EPSS 0.00309 | Exploits 0 | References 6
