Lucene search
+L

636 matches found

Cvelist
Cvelist
added 2026/05/01 5:29 a.m.35 views

CVE-2024-13362 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS0.00276EPSS
Exploits0References24
CVE
CVE
added 2026/05/01 5:29 a.m.20 views

CVE-2024-13362

CVE-2024-13362 concerns Freemius versions &lt;= 2.10.1 used in multiple WordPress plugins/themes. The flaw is a reflected DOM-based XSS via the url parameter , caused by insufficient input sanitization and output escaping. Consequences: unauthenticated attackers could cause a user to execute arbi...

6.1CVSS5.5AI score0.00276EPSS
Exploits0References24
EUVD
EUVD
added 2026/05/01 5:29 a.m.8 views

EUVD-2024-55564

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS5.5AI score0.00276EPSS
Exploits0References24
Wordfence Blog
Wordfence Blog
added 2026/04/23 3:44 p.m.12 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026)

Last week, there were 139 vulnerabilities disclosed in 118 WordPress Plugins and 10 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 85 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/22 1:22 a.m.7 views

CVE-2026-6443

All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...

9.8CVSS5.8AI score0.00495EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.12 views

WordPress plugin Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Issues...

7.2CVSS5.9AI score0.00425EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/17 6:31 a.m.12 views

EUVD-2026-23354

The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary Directory Deletion in versions up to and including 3.1.19.8. This is due to insufficient input validation on the fileName parameter in the file upload handler. The plugin sanitizes...

4.9CVSS5.5AI score0.00713EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/17 3:36 a.m.6 views

CVE-2026-4853

The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary Directory Deletion in versions up to and including 3.1.19.8. This is due to insufficient input validation on the fileName parameter in the file upload handler. The plugin sanitizes...

4.9CVSS5.5AI score0.00713EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.11 views

WordPress plugin Tutor LMS 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/13 12:0 a.m.5 views

WPProbe Plugin Enumeration Tool 0.11.8

A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/10 12:0 a.m.30 views

WPProbe Plugin Enumeration Tool 0.11.6

A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

WordPress plugin Masteriyo LMS – Online Course Builder for eLearning, LMS & Education 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

5.3CVSS5.8AI score0.00375EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

WordPress plugin iPOSpays Gateways WC 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

WordPress plugin Busiprof 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.6CVSS5.7AI score0.00143EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

WordPress plugin ShopWP 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.12 views

WordPress plugin Ashe 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

4.3CVSS5.8AI score0.00147EPSS
Exploits0References1
NVD
NVD
added 2026/04/04 8:16 a.m.7 views

CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS0.00351EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.9 views

WordPress plugin Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

7.1CVSS5.8AI score0.00228EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.14 views

CVE-2026-3831

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.00229EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/02 12:0 a.m.34 views

WPProbe Plugin Enumeration Tool 0.11.4

A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...

5.9AI score
Exploits0
Rows per page
Query Builder