Lucene search
K

8 matches found

NVD
NVD
added 2026/07/01 5:16 a.m.7 views

CVE-2026-13731

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible f...

7.2CVSS0.00524EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/06/02 2:51 a.m.101 views

Exploit for CVE-2026-8732

WP Maps Pro Unauthenticated Stored Cross-Site Scripting CVE-2...

9.8CVSS5.9AI score0.09461EPSS
Exploits7
EUVD
EUVD
added 2026/05/22 7:50 a.m.15 views

EUVD-2026-31414

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References8
NVD
NVD
added 2026/04/08 2:16 a.m.4 views

CVE-2026-3499

The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 13.4.6 through 13.5.2.1. This is due to missing or incorrect nonce validation on the ajaxmigratetocustomposttype,...

8.8CVSS0.00165EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/11/03 5:15 p.m.2 views

CVE-2022-3776

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as formsaction, setoption...

8.8CVSS7.2AI score0.00482EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/04/23 12:0 a.m.9 views

PT-2020-13029 · WordPress · Mappress-Google-Maps-For-Wordpress

Name of the Vulnerable Software and Affected Versions: mappress-google-maps-for-wordpress plugin versions prior to 2.53.9 Description: The issue arises from the incorrect implementation of AJAX functions with nonces or capability checks in the mappress-google-maps-for-wordpress plugin, leading to...

8.8CVSS8.8AI score0.05606EPSS
Exploits3References11
Packet Storm
Packet Storm
added 2019/04/04 12:0 a.m.355 views

WordPress 5.0.0 crop-image Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Crop-image Shell Upload', 'Description' = %q This module exploits a path traversal and a local file inclusion vulnerability on WordPres...

6.5CVSS7.6AI score0.91985EPSS
Exploits10
Cvelist
Cvelist
added 2014/03/03 4:0 p.m.46 views

CVE-2013-1409

Cross-site scripting XSS vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajaxnonce parameter to wp-admin/admin-ajax.php...

5.7AI score0.04546EPSS
Exploits3References5
Rows per page
Query Builder