Lucene search
K

87364 matches found

EUVD
EUVD
added 2026/06/09 3:41 a.m.10 views

EUVD-2026-35316

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 3:41 a.m.21 views

CVE-2026-11603

CVE-2026-11603 affects the WordPress plugin Product Filter Widget for Elementor , vulnerable in all versions up to 1.0.6. The root cause is reflected Cross-Site Scripting via the args[filterFormArray] parameter, due to insufficient input sanitization and output escaping. The endpoint is registere...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.36 views

CVE-2026-8909 WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action

The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralSettings function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/09 3:41 a.m.13 views

EUVD-2026-35306

The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralSettings function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS5.5AI score0.00128EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 a.m.10 views

CVE-2026-8907 WP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' Parameter

The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the processinit function hooked to admininit, which saves plugin settings zoom-level, focus-lat, focus-lng, selplaces, selroutes v...

6.1CVSS5.5AI score0.00119EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/09 3:41 a.m.10 views

EUVD-2026-35304

The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the processinit function hooked to admininit, which saves plugin settings zoom-level, focus-lat, focus-lng, selplaces, selroutes v...

6.1CVSS5.5AI score0.00119EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.34 views

CVE-2026-8907 WP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' Parameter

The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the processinit function hooked to admininit, which saves plugin settings zoom-level, focus-lat, focus-lng, selplaces, selroutes v...

6.1CVSS0.00119EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 3:41 a.m.25 views

CVE-2026-8907

CVE-2026-8907 affects the WordPress plugin WP-Ultimate-Map (versions ≤ 1.1). The root cause is missing nonce validation on the process_init() handler (hooked to admin_init), which saves settings (zoom-level, focus-lat, focus-lng, sel_places, sel_routes) based solely on a save-setting POST paramet...

6.1CVSS5.5AI score0.00119EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 3:16 a.m.17 views

CVE-2026-11621

A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...

5.8CVSS0.00218EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 3:16 a.m.12 views

CVE-2026-7556

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS0.00241EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/09 3:0 a.m.11 views

EUVD-2026-35296

A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...

5.8CVSS5.1AI score0.00218EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 3:0 a.m.9 views

CVE-2026-11621 Dcat-Admin User Setting upload editorMDUpload unrestricted upload

A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...

5.8CVSS5.1AI score0.00218EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 3:0 a.m.42 views

CVE-2026-11621

Summary (CVE-2026-11621): A weakness in Dcat-Admin up to version 2.2.3-beta affects the editor-md/upload function at /admin/dcat-api/editor-md/upload within the User Setting Page. The manipulation of the argument editormd-image-file enables unrestricted upload. The attack can be initiated remotel...

5.8CVSS5.1AI score0.00218EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/09 3:0 a.m.28 views

CVE-2026-11621

A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...

5.8CVSS5.1AI score0.00218EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 3:0 a.m.47 views

CVE-2026-11621 Dcat-Admin User Setting upload editorMDUpload unrestricted upload

A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...

5.8CVSS0.00218EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/09 2:58 a.m.13 views

CVE-2026-11476

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:58 a.m.12 views

CVE-2026-11480

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. I...

6.5CVSS6.2AI score0.002EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 2:28 a.m.26 views

CVE-2026-7556

The FV Flowplayer Video Player plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in all versions up to 7.5.49.7212. The issue arises from insufficient input sanitization and output escaping in comment text, allowing unauthenticated attackers to inject web scrip...

7.2CVSS5.7AI score0.00241EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/09 2:28 a.m.39 views

CVE-2026-7556 FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS0.00241EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.5 views

phpVMS 7.0.5 Security Exposure Scanner

This script is a non-destructive security scanner designed to assess phpVMS installations by performing read-only HTTP requests. It fingerprints targets using known phpVMS-related signatures and checks for the presence and accessibility of common importer and administration endpoints...

9.4CVSS5.4AI score0.01173EPSS
Exploits1
Rows per page
Query Builder