Lucene search
K

1840 matches found

Nuclei
Nuclei
added 8 hours ago8 views

Tube Video Ads Lite - Reflected XSS

Tube Video Ads Lite WordPress plugin = 1.5.7 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craf...

7.1CVSS7.2AI score0.00551EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago98 views

Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

5.3CVSS7AI score0.00879EPSS
Exploits0References2
Nuclei
Nuclei
added 8 hours ago66 views

Ads Pro Plugin <= 4.88 - Unauthenticated SQL Injection

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'aid' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

7.5CVSS7AI score0.01566EPSS
Exploits0References3
Nuclei
Nuclei
added 8 hours ago30 views

Ads Pro Plugin <= 4.89 - Local File Inclusion

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsatemplate' parameter of the bsapreviewcallback function. This makes it possible for unauthenticated attackers to includ...

9.8CVSS6.5AI score0.28162EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago11 views

Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export

includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress allows unauthenticated options changes. id: CVE-2019-17228 info: name: Motors Car Dealer & Classified Ads = 1.4.0 - Unauthenticated settings...

6.5CVSS6.6AI score0.01153EPSS
Exploits1References4
NVD
NVD
added 2026/07/02 3:17 p.m.10 views

CVE-2026-9272

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...

8.7CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 2:2 p.m.18 views

CVE-2026-9272

CVE-2026-9272 affects Progress Flowmon ADS prior to 12.5.6 and 13.0.5. An adversary authenticated as a low-privileged ADS user can send specially crafted requests that lead to unauthorized access to and modification of application data. The CVE’s metrics indicate HIGH impact on confidentiality, i...

8.7CVSS5.8AI score0.00247EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/02 2:2 p.m.38 views

CVE-2026-9272 Possibility of unintended database operations when querying data related to detected anomalies in Progress Flowmon ADS

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...

8.7CVSS0.00247EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:2 p.m.8 views

CVE-2026-9272

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...

8.7CVSS5.8AI score0.00247EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/29 3:16 p.m.12 views

CVE-2026-57335

Subscriber Broken Access Control in Ads by WPQuads = 3.0.3 versions...

6.5CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.33 views

CVE-2026-57335 WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in Ads by WPQuads = 3.0.3 versions...

6.5CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 1:36 p.m.17 views

CVE-2026-57335

CVE-2026-57335 concerns the WordPress plugin WPQuads Ads (WPQuads)

6.5CVSS5.8AI score0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 1:36 p.m.11 views

EUVD-2026-40106

Subscriber Broken Access Control in Ads by WPQuads = 3.0.3 versions...

6.5CVSS5.8AI score0.00229EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/29 9:43 a.m.6 views

WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ads by WPQuads versions = 3.0.3...

6.5CVSS5.8AI score0.00229EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53296

Name of the Vulnerable Software and Affected Versions Ads by WPQuads versions prior to 3.0.4 Description Broken access control allows users with the Subscriber role to perform unauthorized actions. Recommendations Update Ads by WPQuads to version 3.0.4 or later...

6.5CVSS5.9AI score0.00229EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-54824

Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...

7.5CVSS0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.34 views

CVE-2026-54824 WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...

7.5CVSS0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.18 views

CVE-2026-54824

Unauthenticated sensitive data exposure affecting the WordPress Ads by WPQuads plugin ≤ 3.0.3. Affected component: the WPQuads Ads plugin for WordPress. Root cause: unspecified in the provided documents; the vulnerability is described as unauthenticated exposure. Impact: sensitive data exposure w...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/22 1:20 p.m.60 views

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the malware. Evidenc...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2025-210250

Unauthenticated SQL Injection in Advanced Ads – Tracking 3.0.7 versions...

9.3CVSS5.7AI score0.00383EPSS
Exploits0References2
Rows per page
Query Builder