Lucene search
K

84136 matches found

CVE
CVE
added 2 hours ago4 views

CVE-2026-8848

Technical details are not publicly available in the provided documents. Monitor for updates.

7.2CVSS6.2AI score
Exploits0References12
CVE
CVE
added 2 hours ago6 views

CVE-2026-14245

The CVE-2026-14245 entry concerns the miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress (versions up to and including 5.5.1). The root cause is that um_reset_password_process_hook() performs no server-side verification of OTP completion and relies on a public form_nonc...

9.8CVSS6AI score
Exploits0References10
CVE
CVE
added 2 hours ago4 views

CVE-2026-12418

CVE-2026-12418 describes a vulnerability in the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration” (versions up to 4.3.7). An insecure direct object reference exists via the wpuf_files_data parameter due to missing validation on ...

5.3CVSS6AI score
Exploits0References8
CVE
CVE
added 2 hours ago4 views

CVE-2026-12406

The CVE concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration” (WPUF). All versions up to 4.3.7 are affected by an authorization bypass that allows unauthenticated attackers to delete arbitrary media attachments with pos...

5.3CVSS5.9AI score
Exploits0References10
CVE
CVE
added 3 hours ago3 views

CVE-2026-6910

Overview : CVE-2026-6910 affects the Bookero.pl online booking plugin for WordPress. Issue : Stored Cross-Site Scripting via the bookero_products shortcode attributes hide_products and filter_products in versions up to 2.2. The root cause is insufficient input sanitization and output escaping in ...

6.4CVSS6.1AI score
Exploits0References6
CVE
CVE
added 3 hours ago6 views

CVE-2026-8996

The CVE-2026-8996 entry describes a Sensitive Information Exposure in the WordPress plugin “Backup and Staging by WP Time Capsule” up to version 1.22.26. The flaw is exposed via download_recent_decrypted_file_wptc, enabling authenticated users with subscriber-level access (or higher) to obtain th...

6.5CVSS5.8AI score
Exploits0References8
CVE
CVE
added 3 hours ago3 views

CVE-2026-13080

The CVE concerns the WordPress plugin WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell . It is vulnerable to Local File Inclusion (LFI) in all versions up to and including 3.12.7 via the logKey parameter. The issue can be exploited by an attacker with at least administr...

6.6CVSS6.5AI score
Exploits0References10
CVE
CVE
added 3 hours ago3 views

CVE-2026-7558

CVE-2026-7558 affects the WordPress plugin Age Verification & Identity Verification by Token of Trust (

5.3CVSS5.8AI score
Exploits0References8
CVE
CVE
added 3 hours ago5 views

CVE-2026-15000

The CVE-2026-15000 entry concerns the Connect Contact Form 7 and Mailchimp plugin for WordPress, showing a Stored Cross-Site Scripting vulnerability via Mailchimp Merge Field Values in all versions up to 0.9.78.06. The issue arises from insufficient input sanitization and output escaping, enablin...

7.2CVSS6.2AI score
Exploits0References10
CVE
CVE
added 3 hours ago3 views

CVE-2026-12170

The CVE concerns the AcyMailing WordPress plugin (all versions up to 10.10.2) vulnerability to Stored Cross-Site Scripting via the alignment attribute, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enablin...

6.4CVSS6.1AI score
Exploits0References6
CVE
CVE
added 3 hours ago3 views

CVE-2026-13253

Affected software. Ultimate Post plugin for WordPress (up to version 5.0.31). Vulnerability. Stored Cross-Site Scripting via the 'moreResultsText' attribute of the ultimate-post/advanced-search block. Root cause. Advanced_Search::content() concatenates the attribute value into an HTML attribute a...

6.4CVSS6AI score
Exploits0References8
CVE
CVE
added 4 hours ago3 views

CVE-2026-12516

The vulnerability CVE-2026-12516 affects the WordPress plugin Fediverse Embeds (pre-1.5.8). The defect is in a server-side media-proxying endpoint that does not validate the destination of outbound requests, allowing unauthenticated users to trigger the site to fetch arbitrary URLs, including int...

5.9AI score
Exploits0References1
CVE
CVE
added 4 hours ago6 views

CVE-2026-11869

CVE-2026-11869 affects the WP DSGVO Tools (GDPR) WordPress plugin, prior to version 3.1.40. The root cause is a missing authorization check on the immediate-processing path of the data subject access request feature, enabling unauthenticated attackers to generate and download the full personal-da...

6AI score
Exploits0References1
CVE
CVE
added 4 hours ago6 views

CVE-2026-11875

Summary of CVE-2026-11875 : The WP Support Plus Responsive Ticket System WordPress plugin (

6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 hours ago3 views

CVE-2026-5523

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS5.9AI score
Exploits0References3
CVE
CVE
added 5 hours ago11 views

CVE-2026-5523

The CVE describes a privilege-escalation flaw in the Divi Form Builder plugin for WordPress (versions up to and including 5.1.8). The root cause is missing authorization checks: update_user() accepts a user ID from form submissions without validating the editor’s permission for that target user, ...

8.8CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago5 views

EUVD-2026-42506

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS5.9AI score
Exploits0References2
NVD
NVD
added yesterday8 views

CVE-2026-58480

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS
Exploits0References4
NVD
NVD
added yesterday5 views

CVE-2026-6740

The Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'commentIcon' parameter in all versions up to, and including, 4.7.4 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-5356

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 5.4.0. This is due to the plugin's Stripe Connect payment processor accepting a client-supplied PaymentIntent ID. This makes it...

7.5CVSS
Exploits0References2
Rows per page
Query Builder