Lucene search
+L

563 matches found

EUVD
EUVD
added 2026/05/27 6:46 a.m.13 views

EUVD-2026-32101

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 6:46 a.m.15 views

CVE-2026-3897 Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Missing Authorization

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 6:46 a.m.10 views

CVE-2026-3897

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/27 6:46 a.m.36 views

CVE-2026-3897 Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Missing Authorization

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS0.00223EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.20 views

PT-2026-43549

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labb admin ajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43547

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvca admin ajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/05/26 12:50 p.m.91 views

Exploit for CVE-2026-5364

CVE-2026-5364 CVE-2026-5364 is a CVSS 8.1 High Unauthenticat...

8.1CVSS5.8AI score0.0106EPSS
Exploits1
NVD
NVD
added 2026/05/23 7:16 p.m.15 views

CVE-2018-25352

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS0.00214EPSS
Exploits0References3
CVE
CVE
added 2026/05/23 6:30 p.m.19 views

CVE-2018-25352

The CVE-2018-25352 entry concerns the WordPress plugin Ultimate Form Builder Lite (version 1.3.7 and earlier). The vulnerability is a SQL injection in the entry_id parameter, exploitable via POST to admin-ajax.php with the ufbl_get_entry_detail_action action. Authenticated attackers can manipulat...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/23 6:30 p.m.11 views

CVE-2018-25352 WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/23 6:30 p.m.20 views

CVE-2018-25352 WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS0.00214EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/23 6:30 p.m.14 views

EUVD-2018-21872

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/23 6:30 p.m.12 views

CVE-2018-25352

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
CVE
CVE
added 2026/05/23 6:30 p.m.39 views

CVE-2018-25346

WordPress Form Maker Plugin ≤ 1.12.24 contains SQL injection via admin-ajax.php (FormMakerSQLMapping, generete_csv). Authenticated attackers can send POST payloads in name/search_labels to manipulate queries, potentially extracting/modifying data or escalating privileges in the WordPress database...

7.1CVSS5.9AI score0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/23 6:30 p.m.16 views

CVE-2018-25346 WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...

7.1CVSS0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/23 6:30 p.m.10 views

CVE-2018-25346 WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...

7.1CVSS5.9AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 2026/05/16 3:28 p.m.21 views

CVE-2021-47977

CVE-2021-47977 affects the WordPress plugin Anti-Malware Security and Bruteforce Firewall 4.20.59. It describes a directory traversal vulnerability where unauthenticated attackers can read arbitrary files by manipulating the file parameter via the duplicator_download action in admin-ajax.php, usi...

8.7CVSS5.9AI score0.00652EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/16 3:28 p.m.8 views

CVE-2021-47977 WordPress Anti-Malware Security Bruteforce Firewall <= 4.20.72 Directory Traversal

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicatordownload action via admin-ajax.php wit...

8.7CVSS5.9AI score0.00652EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/16 3:26 p.m.40 views

CVE-2021-47979 WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

8.8CVSS0.00397EPSS
Exploits0References4
CVE
CVE
added 2026/05/16 3:26 p.m.19 views

CVE-2021-47979

CVE-2021-47979 affects WordPress Plugin Backup and Restore 1.0.3. An arbitrary file deletion vulnerability exists in which authenticated attackers can delete arbitrary files by crafting file_name and folder_name parameters in POST requests to admin-ajax.php, enabling file system modification with...

8.8CVSS5.9AI score0.00397EPSS
Exploits0References4
Rows per page
Query Builder