Lucene search
K

688 matches found

EUVD
EUVD
added 2026/05/12 9:31 a.m.27 views

EUVD-2026-29397

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 9:16 a.m.53 views

CVE-2026-5028

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS0.00241EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 7:48 a.m.72 views

CVE-2026-5028 Eight Day Week Print Workflow <= 1.2.6 - Authenticated (Subscriber+) SQL Injection via 'title' Parameter

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS0.00241EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:48 a.m.7 views

CVE-2026-5028

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.28 views

PT-2026-39952

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

WordPress plugin GenerateBlocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.9AI score0.00539EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

WordPress plugin Royal Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.9AI score0.00501EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.9 views

WordPress plugin Complianz – GDPR/CCPA Cookie Consent 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00276EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.10 views

PT-2026-34006

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...

5.8AI score0.00247EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:0 a.m.6 views

CVE-2026-30452

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...

5.8AI score0.00247EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 12:0 a.m.4 views

CVE-2026-30452

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...

5.8AI score0.00247EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/17 7:45 a.m.2 views

CVE-2026-6451 CMS für Motorrad Werkstätten <= 1.0.0 - Cross-Site Request Forgery

The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References19
Cvelist
Cvelist
added 2026/04/17 7:45 a.m.29 views

CVE-2026-6451 CMS für Motorrad Werkstätten <= 1.0.0 - Cross-Site Request Forgery

The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...

4.3CVSS0.00225EPSS
Exploits0References19
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

WordPress plugin cms-fuer-motorrad-werkstaetten 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/04/15 5:43 p.m.8 views

AI clickbait can turn your notifications into a scam feed

Pushpaganda is the name researchers have given to an AI-assisted ad fraud, social engineering, and scareware operation targeting mobile users. For most people, Pushpaganda starts as something that looks completely normal. For example, a recommended article in your Google Discover feed the...

5.7AI score
Exploits0
OSV
OSV
added 2026/04/10 8:49 a.m.3 views

BIT-JOOMLA-2026-21630 Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint

Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint...

8.8CVSS5.9AI score0.00341EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 6:1 p.m.5 views

EUVD-2026-20558

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HTML sanitizer for ticket articles was missing proper sanitization of data: ... URI schemes, resulting in storing such malicious content in the database of the Zammad instance. The Zammad GUI is...

5.3CVSS5.9AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 6:1 p.m.17 views

CVE-2026-34718 Zammad improperly neutralizes of script-related HTML tags in ticket articles

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HTML sanitizer for ticket articles was missing proper sanitization of data: ... URI schemes, resulting in storing such malicious content in the database of the Zammad instance. The Zammad GUI is...

5.3CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 6:1 p.m.19 views

CVE-2026-34718

CVE-2026-34718 affects Zammad, a web-based open source helpdesk system. The vulnerability stems from improper sanitization in the HTML sanitizer for ticket articles, which failed to neutralize certain data URI schemes, allowing malicious content to be stored in the database. The issue is mitigate...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.10 views

PT-2026-31415

Name of the Vulnerable Software and Affected Versions Zammad versions prior to 7.0.1 and prior to 6.5.4 Description Zammad, a web-based open-source helpdesk system, had an issue in its HTML sanitizer for ticket articles. The sanitizer lacked proper sanitization of URI schemes, allowing malicious...

5.3CVSS5.9AI score0.00149EPSS
Exploits0References4
Rows per page
Query Builder