Lucene search
K

9897 matches found

Nuclei
Nuclei
added 5 hours ago49 views

Advanced Text Widget < 2.0.2 - Cross-Site Scripting

A cross-site scripting XSS vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2011-4618 info: name: Advanced Text Widget 2.0.2 - Cross-Site Scripting author:...

4.3CVSS6.2AI score0.10083EPSS
Exploits1References5
Nuclei
Nuclei
added 5 hours ago120 views

WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection

The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

9.8CVSS6.1AI score0.02991EPSS
Exploits4References3
Nuclei
Nuclei
added 5 hours ago17 views

WordPress Advanced Access Manager - Path Traversal

The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive file...

9.8CVSS7AI score0.02734EPSS
Exploits1References2
Nuclei
Nuclei
added 5 hours ago35 views

WordPress Advanced Booking Calendar <1.7.1 - Cross-Site Scripting

WordPress Advanced Booking Calendar plugin before 1.7.1 contains a cross-site scripting vulnerability. It does not sanitize and escape the room parameter before outputting it back in an admin page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of th...

6.1CVSS6.5AI score0.01618EPSS
Exploits2References5
Nuclei
Nuclei
added 5 hours ago108 views

Advanced Comment System 1.0 - Local File Inclusion

ACS Advanced Comment System 1.0 is affected by local file inclusion via an advancedcomponentsystem/index.php?ACSpath=..%2f URI. id: CVE-2020-35598 info: name: Advanced Comment System 1.0 - Local File Inclusion author: daffainfo severity: high description: ACS Advanced Comment System 1.0 is affect...

7.5CVSS7AI score0.21EPSS
Exploits2References5
NVD
NVD
added yesterday4 views

CVE-2026-57378

Missing Authorization vulnerability in Phil Kurth Advanced Forms advanced-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Forms: from n/a through = 1.9.3.7...

7.5CVSS0.00346EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-57773 WordPress Advanced Shipment Tracking for WooCommerce plugin <= 4.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Zorem Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking allows Blind SQL Injection.This issue affects Advanced Shipment Tracking for WooCommerce: from n/a through = 4.0...

7.6CVSS0.00372EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-57773

The CVE-2026-57773 entry covers a SQL Injection vulnerability in the WordPress plugin “WooCommerce Advanced Shipment Tracking” (woo-advanced-shipment-tracking) up to version 4.0. The issue is described as an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) that l...

7.6CVSS6.1AI score0.00372EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-57378 WordPress Advanced Forms plugin <= 1.9.3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Phil Kurth Advanced Forms advanced-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Forms: from n/a through = 1.9.3.7...

7.5CVSS0.00346EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-57378

The CVE-2026-57378 entry describes a Missing Authorization vulnerability in the WordPress plugin Advanced Forms (Phil Kurth) affecting versions up to and including 1.9.3.7. The issue arises from incorrectly configured access control, enabling unauthorized actions without sufficient privileges. Do...

7.5CVSS6.1AI score0.00346EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43055

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Stored XSS. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43056

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1AI score0.00142EPSS
Exploits0References2
NVD
NVD
added 4 days ago3 views

CVE-2026-13231

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Stored XSS. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-13232

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

3.1CVSS0.00142EPSS
Exploits0References1
CVE
CVE
added 4 days ago12 views

CVE-2026-13232

This CVE concerns Drupal Advanced Content Feedback (admin_feedback). Affected: versions 0.0.0–2.8.0. Root cause: incorrect authorization, failing to sufficiently verify authorization over the targeted feedback record during comment processing. Impact: potential access bypass/IDOR, enabling forcef...

3.1CVSS6.1AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-13231

Summary: CVE-2026-13231 affects Drupal Advanced Content Feedback (admin_feedback). The issue is improper neutralization of input during web page generation, causing a Stored XSS vulnerability. The vulnerable component is the admin_feedback module, with affected versions 0.0.0 through 2.8.0. The r...

6.1CVSS6.1AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-13231 Advanced Content Feedback (aka admin_feedback) - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-051

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Stored XSS. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-57216 RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend...

6.8CVSS0.00341EPSS
Exploits1References6
NVD
NVD
added 4 days ago8 views

CVE-2026-1667

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and including, 14.0.0 due to a leak of an API token and insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

7.2CVSS0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-12428 Blocks for ACF Fields <= 1.6.2 - Missing Authorization to Authenticated (Author+) Arbitrary ACF Field Value Disclosure via 'id' Parameter

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS0.00285EPSS
Exploits0References8
Rows per page
Query Builder