Lucene search
K

1839 matches found

NVD
NVD
added yesterday6 views

CVE-2026-57795

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themelexus Kitchor kitchor allows PHP Local File Inclusion.This issue affects Kitchor: from n/a through = 1.4.3...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-57798

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SaurabhSharma NewsPlus Shortcodes newsplus-shortcodes allows PHP Local File Inclusion.This issue affects NewsPlus Shortcodes: from n/a through = 4.2.0...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-57791

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through = 2.9.0...

7.5CVSS0.00496EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57420

CVE-2026-57420 concerns a Stored XSS in the WordPress plugin Author Box WP Lens (component: author-box-for-divi). The vulnerability arises from improper neutralization of input during web page generation, enabling stored cross-site scripting. Affected range is WordPress users running versions

6.5CVSS6.1AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday23 views

CVE-2026-57740 WordPress AcyMailing SMTP Newsletter plugin <= 10.11.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...

7.1CVSS0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday22 views

CVE-2026-57412 WordPress Gift Vouchers plugin <= 4.6.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codemenschen Gift Vouchers gift-voucher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Vouchers: from n/a through = 4.6.9...

6.5CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57378

The CVE-2026-57378 entry describes a Missing Authorization vulnerability in the WordPress plugin Advanced Forms (Phil Kurth) affecting versions up to and including 1.9.3.7. The issue arises from incorrectly configured access control, enabling unauthorized actions without sufficient privileges. Do...

7.5CVSS6.1AI score0.00346EPSS
Exploits0References1
NVD
NVD
added 3 days ago13 views

CVE-2026-15097

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00201EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago9 views

CVE-2026-13347

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References4
Patchstack
Patchstack
added 6 days ago9 views

WordPress Amelia plugin <= 2.4.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Amelia versions = 2.4.2...

9.3CVSS6.1AI score0.004EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/07 8:52 a.m.5 views

WordPress WPJAM Basic plugin <= 7.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin WPJAM Basic versions = 7.0...

8.8CVSS5.9AI score0.00518EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/07/04 12:58 a.m.9 views

EUVD-2026-41656

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

10CVSS7.8AI score0.00809EPSS
Exploits4References1
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.47 views

CVE-2026-22874 Gitea webhook and migration allow-list filtering permits SSRF

Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering...

9.6CVSS0.00464EPSS
Exploits1References5
Patchstack
Patchstack
added 2026/07/02 3:0 p.m.7 views

WordPress NewsPlus Shortcodes plugin <= 4.2.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin NewsPlus Shortcodes versions = 4.2.0...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/07/02 11:16 a.m.41 views

CVE-2026-57765 WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability

Contributor SQL Injection in WP EasyCart = 5.9.0 versions...

8.5CVSS0.0022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.11 views

CVE-2026-57762

Author Cross Site Scripting XSS in Simple URLs = 151 versions...

5.9CVSS5.8AI score0.00148EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 11:15 a.m.18 views

CVE-2026-57687

CVE-2026-57687 concerns a SQL Injection vulnerability in the WordPress plugin Custom Field Template (versions

8.5CVSS5.8AI score0.0022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:14 a.m.8 views

CVE-2025-69153

Unauthenticated Cross Site Scripting XSS in Trendy Travel = 6.7 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/02 9:27 a.m.6 views

WordPress WP EasyCart plugin <= 5.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by HaiND in WordPress Plugin WP EasyCart versions = 5.9.1...

8.5CVSS6AI score0.0022EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.16 views

PT-2026-54965

Unauthenticated Cross Site Scripting XSS in Artale | Wedding Photography WordPress = 2.2.2 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References3
Rows per page
Query Builder