Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

487 matches found

ATTACKERKB
ATTACKERKBadded 2 hours ago1 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.9AI score
Exploits0References5
EUVD
EUVDadded 2 hours ago3 views

EUVD-2026-34190

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.9AI score
Exploits0References4
NVD
NVDadded 2026/05/27 8:16 a.m.7 views

CVE-2026-3895

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcaadminajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce b...

6.4CVSS0.0003EPSS
Exploits0References4
NVD
NVDadded 2026/05/27 8:16 a.m.6 views

CVE-2026-3896

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lsowadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not...

6.4CVSS0.0003EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/27 6:46 a.m.8 views

EUVD-2026-32107

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcaadminajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce b...

6.4CVSS5.8AI score0.0003EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/27 6:46 a.m.5 views

EUVD-2026-32102

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lsowadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not...

6.4CVSS5.8AI score0.0003EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/27 6:46 a.m.4 views

CVE-2026-3896

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lsowadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not...

6.4CVSS5.8AI score0.0003EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/27 6:46 a.m.5 views

EUVD-2026-32101

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS5.8AI score0.0003EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/27 6:46 a.m.6 views

CVE-2026-3897 Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Missing Authorization

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS5.8AI score0.0003EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/27 6:46 a.m.3 views

CVE-2026-3897

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS5.8AI score0.0003EPSS
Exploits0References5
CVE
CVEadded 2026/05/27 6:46 a.m.9 views

CVE-2026-3897

The CVE-2026-3897 entry describes a Stored XSS in the Livemesh Addons for Beaver Builder WordPress plugin, via the labb_admin_ajax action. Affected versions are all up to 3.9.2. Root cause is missing authorization checks despite nonce verification, enabling authenticated Subscriber+ users to modi...

6.4CVSS5.8AI score0.0003EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/27 6:46 a.m.22 views

CVE-2026-3897 Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Missing Authorization

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS0.0003EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.3 views

PT-2026-43549

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labb admin ajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but...

6.4CVSS5.8AI score0.0003EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.7 views

PT-2026-43547

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvca admin ajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce...

6.4CVSS5.8AI score0.0003EPSS
Exploits0References5
GithubExploit
GithubExploitadded 2026/05/26 12:50 p.m.41 views

Exploit for CVE-2026-5364

CVE-2026-5364 CVE-2026-5364 is a CVSS 8.1 High Unauthenticat...

8.1CVSS5.8AI score0.0016EPSS
Exploits1
NVD
NVDadded 2026/05/23 7:16 p.m.7 views

CVE-2018-25352

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS0.00027EPSS
Exploits0References3
CVE
CVEadded 2026/05/23 6:30 p.m.10 views

CVE-2018-25352

The CVE-2018-25352 entry concerns the WordPress plugin Ultimate Form Builder Lite (version 1.3.7 and earlier). The vulnerability is a SQL injection in the entry_id parameter, exploitable via POST to admin-ajax.php with the ufbl_get_entry_detail_action action. Authenticated attackers can manipulat...

7.1CVSS5.9AI score0.00027EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/23 6:30 p.m.3 views

CVE-2018-25352 WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS5.9AI score0.00027EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/23 6:30 p.m.7 views

EUVD-2018-21872

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS5.9AI score0.00027EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/23 6:30 p.m.9 views

CVE-2018-25352 WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS0.00027EPSS
Exploits0References3
Rows per page
Query Builder