Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/05/22 4:29 a.m.39 views

CVE-2026-3481 WP Blockade <= 0.9.14 - Reflected Cross-Site Scripting via 'shortcode' Parameter

The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This is due to insufficient input sanitization and output escaping in the rendershortcodepreview function. The function receives user inpu...

6.1CVSS0.00249EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/22 9:31 a.m.19 views

EUVD-2026-24662

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

9.1CVSS5.8AI score0.00729EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:45 a.m.4 views

CVE-2026-4119

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

9.1CVSS5.8AI score0.00729EPSS
Exploits0References14
EUVD
EUVD
added 2026/04/08 9:31 a.m.5 views

EUVD-2026-20103

The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an adminpost action hook 'wp-blockade-shortcode-render' that maps to the rendershortcodepreview function. This function lacks any capability check...

6.5CVSS6AI score0.00342EPSS
Exploits0References8
NVD
NVD
added 2021/08/30 7:15 p.m.24 views

CVE-2021-38342

The Nested Pages WordPress plugin = 3.1.15 was vulnerable to Cross-Site Request Forgery via the npBulkActions and npBulkEdit adminpost actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other...

8.1CVSS0.00492EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2021/08/25 12:0 a.m.17 views

Nested Pages < 3.1.16 - CSRF to Arbitrary Post Deletion and Modification

The plugin was vulnerable to Cross-Site Request Forgery via the npBulkActions and npBulkEdit adminpost actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata...

8.1CVSS5.6AI score0.00492EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder