8 matches found
PT-2026-21888
Name of the Vulnerable Software and Affected Versions: Advanced Woo Labels versions prior to 2.3. Description: The Advanced Woo Labels plugin for WordPress is susceptible to Remote Code Execution due to the use of call_user_func_array with user-controlled callback and parameters in the get select...
CVE-2026-1249
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'loadlyricsajaxcallback' function. This makes it possible for authenticated attackers, with author level access and above, to mak...
CVE-2025-15516
The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_callback_store_user_meta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2025-15516
CVE-2025-15516 affects the WordPress plugin All-in-One Video Gallery (versions 4.1.0–4.6.4). A missing capability check in the ajax_callback_store_user_meta() function allows authenticated users with Subscriber+ privileges to modify arbitrary string-based user meta keys for their own account. Imp...
CVE-2014-125110
A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfuajaxactioncallback of the file lib/wfuajaxactions.php. The manipulation leads to cross site scripting. The attack can be launched...
CVE-2024-2222 Advanced Classifieds & Directory Pro <= 3.0.0 - Missing Authorization to Arbitrary Attachment Deletion
The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaxcallbackdeleteattachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber...
CVE-2023-39676
FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php...
WordPress Plugin Fastest Cache Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...