Lucene search
+L

5682 matches found

CVE
CVE
added 2026/06/08 1:55 a.m.26 views

CVE-2022-50953

The CVE concerns the WordPress plugin admin-word-count-column version 2.2 . A vulnerability allows unauthenticated local file read via crafted requests to download-csv.php, exploiting a null byte injection in the path parameter to bypass restrictions and read arbitrary files (e.g., system configu...

6.9CVSS5.6AI score0.00342EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47710

CVE-2024-56123 - Microsoft Word XML External Entity Injection CVE ID :CVE-2024-56123 Published : June 8, 2026, 10:16 a.m. | 44 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more details,...

5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.29 views

PT-2026-47231

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

6.9CVSS5.6AI score0.00342EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-3620

The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.7AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.12 views

CVE-2026-6395

The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in versions up to and including 0.9.2. This is due to the complete absence of nonce verification on the settings save handler in the w2cadmin function, combined with missing inp...

6.1CVSS5.7AI score0.00153EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.12 views

CVE-2026-28732

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...

4.3CVSS5.5AI score0.00152EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 5:45 a.m.7 views

BIT-GOLANG-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

7.5CVSS5.4AI score0.0056EPSS
Exploits0References5
OSV
OSV
added 2026/06/04 9:4 p.m.6 views

ROOT-APP-NPM-CVE-2023-26115 CVE-2023-26115 in @rootio/word-wrap - Patched by Root

Root has patched CVE-2023-26115 in the @rootio/word-wrap package for Root:npm. Multiple fixed versions available...

5.3CVSS6.7AI score0.01709EPSS
Exploits1
CVE
CVE
added 2026/06/02 10:1 p.m.133 views

CVE-2026-42504

CVE-2026-42504 affects the WordDecoder.DecodeHeader function in the mime package, where decoding a malicious MIME header with many invalid encoded-words leads to quadratic time complexity and potential high CPU usage. Public descriptions identify the root cause as quadratic complexity in that dec...

7.5CVSS5.8AI score0.0056EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 10:1 p.m.11 views

CVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

5.8AI score0.0056EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 9:39 p.m.25 views

GO-2026-5038 Quadratic complexity in WordDecoder.DecodeHeader in mime

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

7.5CVSS5.8AI score0.0056EPSS
Exploits0References3
NVD
NVD
added 2026/06/02 9:16 a.m.18 views

CVE-2026-3620

The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00246EPSS
Exploits0References9
CVE
CVE
added 2026/06/02 7:48 a.m.25 views

CVE-2026-3620

CVE-2026-3620 – Word Replacer (WordPress) is vulnerable to Stored Cross-Site Scripting via the replacement parameter in all versions up to 0.4. The root cause is insufficient input sanitization and output escaping, allowing authenticated attackers with Administrator-level access and above to inje...

4.4CVSS6AI score0.00246EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/02 7:48 a.m.13 views

EUVD-2026-33895

The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6AI score0.00246EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:48 a.m.8 views

CVE-2026-3620

The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6AI score0.00246EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/02 7:48 a.m.47 views

CVE-2026-3620 Word Replacer <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Replacement' Parameter

The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00246EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/06/02 7:48 a.m.11 views

CVE-2026-3620 Word Replacer <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Replacement' Parameter

The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6AI score0.00246EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/02 6:0 a.m.47 views

CVE-2026-8293 Really Simple Security < 9.5.10.1 - Authentication Bypass via Two-Factor OTP Skip

The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...

0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

WordPress plugin Word Replacer 输入验证错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.4CVSS5.1AI score0.00246EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45705

Name of the Vulnerable Software and Affected Versions Word Replacer versions prior to 0.5 Description Insufficient input sanitization and output escaping allow authenticated attackers with Administrator-level access and above to perform Stored Cross-Site Scripting. This occurs via the replacement...

4.4CVSS5.7AI score0.00246EPSS
Exploits0References13
Rows per page
Query Builder