Lucene search
K

3473 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/03 7:53 a.m.6 views

CVE-2026-11778

The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...

5.4CVSS6.3AI score0.00255EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/03 7:53 a.m.7 views

EUVD-2026-41521

The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...

5.4CVSS6.3AI score0.00255EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 7:53 a.m.36 views

CVE-2026-11778 CURCY <= 2.2.14 - Unauthenticated Arbitrary Shortcode Execution via 'exchange' Parameter

The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...

5.4CVSS0.00255EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 4:30 a.m.7 views

EUVD-2026-41488

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...

9.1CVSS6.5AI score0.00742EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/03 4:30 a.m.10 views

CVE-2026-9725

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...

9.1CVSS6.5AI score0.00742EPSS
Exploits0References7
CVE
CVE
added 2026/07/03 4:30 a.m.19 views

CVE-2026-9725

The CVE-2026-9725 issue affects the Printcart Web to Print Product Designer for WooCommerce plugin for WordPress (versions

9.1CVSS6.5AI score0.00742EPSS
Exploits0References6
CVE
CVE
added 2026/07/03 4:30 a.m.21 views

CVE-2026-14352

AR for WooCommerce

7.5CVSS5.9AI score0.00473EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/03 4:30 a.m.6 views

EUVD-2026-41485

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score0.00473EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.9 views

CVE-2026-57758

Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...

7.1CVSS5.8AI score0.00094EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 11:15 a.m.14 views

CVE-2026-57753

The CVE-2026-57753 entry concerns the WordPress Kit (formerly ConvertKit) for WooCommerce plugin, affected versions 2.1.5 and earlier. Description indicates an unauthenticated sensitive data exposure vulnerability in these versions. The provided documents do not specify the exact root cause, vuln...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.36 views

CVE-2026-57753 WordPress Kit (formerly ConvertKit) for WooCommerce plugin <= 2.1.5 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...

5.3CVSS0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-57677 WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce = 12.10.3 versions...

9.8CVSS0.00336EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.20 views

CVE-2026-57677

The CVE concerns the WordPress Novalnet Payment Gateway for WooCommerce plugin, affected versions

9.8CVSS5.8AI score0.00336EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.30 views

CVE-2026-49779 WordPress Tax Exempt for WooCommerce plugin <= 1.9.3 - Path Traversal vulnerability

Customer Path Traversal in Tax Exempt for WooCommerce = 1.9.3 versions...

6.5CVSS0.00343EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.13 views

CVE-2026-49779

CVE-2026-49779 concerns the WordPress plugin Tax Exempt for WooCommerce (versions

6.5CVSS5.8AI score0.00343EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 10:16 a.m.10 views

CVE-2026-10104

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00263EPSS
Exploits1References8
Patchstack
Patchstack
added 2026/07/02 8:52 a.m.6 views

WordPress Kit (formerly ConvertKit) for WooCommerce plugin <= 2.1.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Kit formerly ConvertKit for WooCommerce versions = 2.1.6...

5.3CVSS5.9AI score0.00206EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/07/02 8:33 a.m.8 views

EUVD-2026-41269

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.9AI score0.00263EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.36 views

CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00263EPSS
Exploits1References8
CVE
CVE
added 2026/07/02 8:33 a.m.11 views

CVE-2026-10104

The Product Video Gallery for Woocommerce plugin (WordPress) is affected up to version 1.5.1.8 by a Stored Cross-Site Scripting flaw in the custom_thumbnail parameter, caused by insufficient input sanitization and output escaping. Exploitation requires shop manager-level access or higher (authent...

4.4CVSS5.9AI score0.00263EPSS
Exploits1References8
Rows per page
Query Builder