
100 matches found

CVE
added 2026/06/26 2:52 p.m., 10 views

CVE-2025-63078

The CVE-2025-63078 entry concerns the WordPress plugin “Restaurant Menu by MotoPress” (MotoPress) <= 2.4.11. Affected component is the plugin’s access control mechanism, with root cause described as Broken Access Control. The vulnerability is reported to affect users of the plugin in WordPress...

CVSS 4.3, AI score 5.8, EPSS 0.00243
Exploits: 0, References: 1

Patchstack
added 2026/06/26 12:30 p.m., 5 views

WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin Fluent Booking versions <= 2.1.0...

CVSS 6.5, AI score 5.8, EPSS 0.00161
Exploits: 0, Affected Software: 1

NVD
added 2026/06/25 2:16 p.m., 4 views

CVE-2026-54838

Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...

CVSS 8.5, EPSS 0.0027
Exploits: 0, References: 1

Positive Technologies
added 2026/06/16 12:0 a.m., 10 views

PT-2026-50105

Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...

CVSS 8.1, AI score 5.2, EPSS 0.00423
Exploits: 0, References: 2

Patchstack
added 2026/06/10 2:37 p.m., 9 views

WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP Migrate Lite versions <= 2.7.8...

CVSS 4.7, AI score 5.3, EPSS 0.00116
Exploits: 0, Affected Software: 1

Positive Technologies
added 2026/06/05 12:0 a.m., 23 views

PT-2026-47074

Name of the Vulnerable Software and Affected Versions: WP User Manager – User Profile Builder & Membership versions prior to 2.9.18. Description: The plugin is susceptible to Local File Inclusion, a condition where an application includes files on a local server unexpectedly. This occurs through the...

CVSS 7.5, AI score 6, EPSS 0.02403
Exploits: 0, References: 19

Positive Technologies
added 2026/05/28 12:0 a.m., 19 views

PT-2026-44208

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVSS 4.3, AI score 5.9, EPSS 0.00232
Exploits: 0, References: 9

NVD
added 2026/05/27 7:16 a.m., 23 views

CVE-2026-8873

The Content Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...

CVSS 6.4, EPSS 0.00187
Exploits: 0, References: 3

Patchstack
added 2026/05/07 8:36 a.m., 13 views

WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin PDF Poster versions <= 2.4.1...

CVSS 5.3, AI score 5.8, EPSS 0.00182
Exploits: 0, Affected Software: 1

Cvelist
added 2026/04/19 10:0 p.m., 42 views

CVE-2026-6579 liangliangyy DjangoBlog Clean Endpoint views.py missing authentication

A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the...

CVSS 6.9, EPSS 0.00433
Exploits: 0, References: 4

ATTACKERKB
added 2026/04/15 10:21 a.m., 6 views

CVE-2026-40744

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection. This issue affects Beaver Builder: from n/a through <= 2.10.1.2...

AI score 5.9, EPSS 0.0022
Exploits: 0, References: 2

ATTACKERKB
added 2026/04/08 8:30 a.m., 2 views

CVE-2026-39487

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection. This issue affects Amelia: from n/a through <= 2.1.1...

AI score 5.9, EPSS 0.00271
Exploits: 0, References: 2

GithubExploit
added 2026/04/07 1:59 p.m., 117 views

Exploit for CVE-2026-5465

CVE-2026-5465: Privilege Escalation in the Amelia WordPress Plugin...

CVSS 8.8, AI score 5.9, EPSS 0.00632
Exploits: 1

Positive Technologies
added 2026/03/25 12:0 a.m., 8 views

PT-2026-27870

Name of the Vulnerable Software and Affected Versions: NooTheme Organici Library versions through 2.1.2. Description: The NooTheme Organici Library contains a flaw related to improper neutralization of special elements within SQL commands, leading to a Blind SQL Injection issue. This allows for...

CVSS 8.5, AI score 5.9, EPSS 0.00253
Exploits: 0, References: 3

CVE
added 2026/03/20 9:25 p.m., 32 views

CVE-2026-3584

CVE-2026-3584 – WordPress Kali Forms

CVSS 9.8, AI score 6.1, EPSS 0.07239
In wild, Exploits: 2, References: 3

Cvelist
added 2026/03/16 1:32 p.m., 26 views

CVE-2026-4240 Open5GS CCA smf_s6b_sta_cb denial of service

A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and may...

CVSS 6.9, EPSS 0.00534
Exploits: 1, References: 8

EUVD
added 2026/03/05 6:30 a.m., 6 views

EUVD-2026-9755

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider PerpetuumMobile uberSliderperpetuummobile allows Reflected XSS. This issue affects UberSlider PerpetuumMobile: from n/a through <= 2.3...

CVSS 7.1, AI score 5.9, EPSS 0.0018
Exploits: 0, References: 2

CVE
added 2026/03/05 5:54 a.m., 13 views

CVE-2026-28099

CVE-2026-28099 refers to LambertGroup UberSlider Ultra (uberSlider_ultra) for WordPress. It is a Reflected XSS affecting UberSlider Ultra versions up to 2.3. The CVE notes improper neutralization of input during web page generation, enabling cross-site scripting. From the provided metrics, the CV...

CVSS 7.1, AI score 5.9, EPSS 0.0018
Exploits: 0, References: 1

CVE
added 2026/03/05 5:54 a.m., 12 views

CVE-2026-28086

CVE-2026-28086 describes a Local File Inclusion in ThemeREX Run Gran (WordPress theme) versions up to and including 2.0, caused by Improper Control of Filename for Include/Require in PHP. The vulnerability allows an attacker to abuse include/require filename handling to access local files on the ...

CVSS 8.1, AI score 5.9, EPSS 0.00403
Exploits: 0, References: 1

Vulnrichment
added 2026/03/05 5:53 a.m., 6 views

CVE-2025-54001 WordPress Classter theme <= 2.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection. This issue affects Classter: from n/a through <= 2.5...

AI score 5.9, EPSS 0.0051
Exploits: 0, References: 1