Lucene search
K

256 matches found

Cvelist
Cvelist
added yesterday10 views

CVE-2026-61983 WordPress Church Admin plugin <= 5.0.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...

5.3CVSS0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-61454 Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS0.00239EPSS
Exploits0References2
CVE
CVE
added 4 days ago8 views

CVE-2026-59190

Grav plugin: grav-plugin-admin is affected. In versions ≤1.10.52, an authenticated user with admin.users permission can escalate privileges by altering another user’s password via POST to /admin/user/{username}?task=save with data[password]. The vulnerability stems from saveUser validating the ca...

8.7CVSS6.1AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-59190 Grav Admin Plugin — IDOR Privilege Escalation via saveUser()

grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker with admin.users permission can change the password of any user account, including the super administrator, by sending a direct POST...

8.7CVSS0.00215EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/26 1:24 p.m.9 views

WordPress Paid Memberships Pro - Add Member From Admin plugin <= 0.7.2 - Cross Site Request Forgery (CSRF) vulnerability

WordPress Paid Memberships Pro - Add Member From Admin plugin = 0.7.2 - Cross Site Request Forgery CSRF vulnerability discovered by Roll in WordPress Plugin Paid Memberships Pro - Add Member From Admin versions = 0.7.2...

8.8CVSS5.8AI score0.0013EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/25 9:41 p.m.11 views

CVE-2020-37256

Grav before 1.6.30 has a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access. Affected product is G...

5.4CVSS6.1AI score0.00167EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.12 views

CVE-2026-44737

grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the dataheadertitle parameter. As a result,...

6.2CVSS5.4AI score0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 7:46 a.m.12 views

EUVD-2026-33259

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

4.9CVSS6AI score0.00288EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.8CVSS5.8AI score0.00402EPSS
Exploits0References14
Exploit DB
Exploit DB
added 2026/05/26 12:0 a.m.95 views

Grav CMS 2.0.0-beta.2 - Remote Code Execution

Exploit Title: Grav CMS 'onPluginsInitialized', 0; public function onPluginsInitialized: void $shellpath = GRAVROOT . '/shell.php'; if !fileexists$shellpath fileputcontents$shellpath, '';...

9.1CVSS5.8AI score0.03934EPSS
Exploits4
Patchstack
Patchstack
added 2026/05/15 10:31 a.m.13 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.36 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Colin Xu in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.36...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/11 5:16 p.m.15 views

CVE-2026-44737

grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the dataheadertitle parameter. As a result,...

6.2CVSS0.00256EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/26 1:15 p.m.8 views

EUVD-2026-25720

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

6.5CVSS5.2AI score0.00201EPSS
Exploits0References4
CVE
CVE
added 2026/04/26 12:30 a.m.13 views

CVE-2026-7011

MaxSite CMS

4.8CVSS3.3AI score0.00269EPSS
Exploits0References7
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.18 views

Grav CMS Authenticated Scanner

This Python script is a safe, read-only scanner designed to detect whether a target running Grav CMS with its Admin plugin may be vulnerable to CVE-2025-50286, based purely on version analysis...

8.1CVSS5.7AI score0.09319EPSS
Exploits7
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.5 views

CVE-2026-34787

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion LFI vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a requireonce path without proper sanitization. If the CSRF token check can ...

6.5CVSS6.1AI score0.00511EPSS
Exploits1References1
NVD
NVD
added 2026/04/03 11:17 p.m.3 views

CVE-2026-34787

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion LFI vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a requireonce path without proper sanitization. If the CSRF token check can ...

6.5CVSS0.00511EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/03 10:36 p.m.11 views

EUVD-2026-18905

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion LFI vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a requireonce path without proper sanitization. If the CSRF token check can ...

6.5CVSS6.1AI score0.00511EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/03 10:36 p.m.2 views

CVE-2026-34787 Emlog: Local File Inclusion in plugin.php via unsanitized plugin parameter

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion LFI vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a requireonce path without proper sanitization. If the CSRF token check can ...

6.5CVSS6.1AI score0.00511EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.10 views

emlog 安全漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Emlog versions 2.6.2 and earlier have security vulnerabilities. These vulnerabilities stem from the $plugin parameter in the admin/plugin.php file being used directly in the requireonce path without proper cleaning, which...

6.5CVSS5.8AI score0.00511EPSS
Exploits1References1
Rows per page
Query Builder