Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/06/13 8:29 a.m.31 views

CVE-2026-1291 Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...

4.3CVSS0.00214EPSS
Exploits0References6
CVE
CVE
added 2026/02/14 6:42 a.m.19 views

CVE-2026-1985

CVE-2026-1985 pertains to the WordPress Press3D plugin up to version 1.0.2, where a vulnerability in the 3D Model Gutenberg block allows Stored Cross-Site Scripting via the link URL parameter. The root cause is inadequate sanitization/validation of the URL scheme when storing model block URLs, en...

6.4CVSS5.8AI score0.00279EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/03 10:22 p.m.28 views

CVE-2026-1755 Menu Icons by ThemeIsle <= 0.13.20 - Authenticated (Author+) Stored Cross-Site Scripting

The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpattachmentimagealt’ post meta in all versions up to, and including, 0.13.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00181EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/16 5:51 a.m.11 views

CVE-2025-12494

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaximportfile function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level...

4.3CVSS6AI score0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/01 5:40 a.m.3 views

CVE-2025-12038 Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...

4.3CVSS5.2AI score0.00178EPSS
Exploits0References2
Rows per page
Query Builder