Lucene search
K

383 matches found

Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-1359 Genolve – AI image AI video generation <= 5.0.5 - Authenticated (Contributor+) Incorrect Authorization to Privilege Escalation via theopt

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolvesetOpt function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-leve...

8.8CVSS0.00308EPSS
Exploits0References2
CVE
CVE
added 4 days ago10 views

CVE-2026-15292

The Sudoku Shortcode plugin for WordPress is affected by CVE-2026-15292: Stored Cross-Site Scripting via the background parameter in the sudoku-sc shortcode, in all versions up to and including 1.0.0. Exploitation requires authenticated access at Contributor level or higher, enabling an attacker ...

6.4CVSS6.1AI score0.00243EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/07/02 12:0 p.m.5 views

WordPress weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin weDocs versions = 2.3.0...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/27 6:50 a.m.18 views

CVE-2026-13295

The CVE-2026-13295 entry concerns the Page Builder by SiteOrigin WordPress plugin. A stored XSS vulnerability affects all versions up to 2.34.3, caused by insufficient input sanitization and output escaping of the panels_data parameter. Authenticated users with Contributor-level access and above ...

6.4CVSS6AI score0.00241EPSS
Exploits0References10
CVE
CVE
added 2026/06/27 1:27 a.m.18 views

CVE-2026-13335

The CodePeople Post Map for Google Maps WordPress plugin is vulnerable to Stored XSS via the 'cpm_point' Post Meta in all versions up to 1.2.6 due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can inject arbitrary scripts t...

6.4CVSS5.9AI score0.0021EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/06/24 2:50 p.m.6 views

WordPress Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin <= 6.1.4 - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Page Builder for Gutenberg Blocks & Patterns plugin = 6.1.4 - Page Builder for Gutenberg Blocks & Patterns = 6.1.4 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Viet Anh Ngo in WordPress Plugin Essential Blocks for Gutenberg versions = 6.1.4...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50845

Name of the Vulnerable Software and Affected Versions The Royal Addons for Elementor – Addons and Templates Kit for Elementor versions 1.7.1058 through 1.7.1059 Description An arbitrary file read issue exists due to the wpr get csv handle helper function. When the settings.table upload csv.url...

6.5CVSS6AI score0.0024EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/18 3:43 p.m.6 views

WordPress BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Craniums in WordPress Plugin BetterDocs versions = 4.5.3...

6.4CVSS5.2AI score0.00212EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/18 6:50 a.m.21 views

CVE-2026-12111

The CVE describes a vulnerability in WordPress plugin Appointment Booking Calendar (

4.3CVSS5.5AI score0.00285EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:31 a.m.5 views

CVE-2026-11357

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...

4.3CVSS5.3AI score0.00243EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/06/17 4:14 p.m.7 views

WordPress Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by se1en in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.7.5...

4.3CVSS5.3AI score0.00243EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/09 3:41 a.m.24 views

CVE-2026-10024

CVE-2026-10024 affects the TinyMCE shortcode Addon for WordPress (versions

6.4CVSS5.7AI score0.00228EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47723

Name of the Vulnerable Software and Affected Versions Blocksy versions prior to 2.1.36 Description Insufficient input sanitization in the blocksy sanitize post meta options function allows authenticated attackers with contributor-level access or higher to store serialized PHP object strings in po...

8.8CVSS6.4AI score0.00849EPSS
Exploits0References18
Patchstack
Patchstack
added 2026/06/08 3:5 p.m.10 views

WordPress Extra Settings for RocketChat plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Extra Settings for RocketChat versions = 0.1...

6.4CVSS5.4AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 3:4 p.m.11 views

WordPress Plugin Name: ePaperFlip Publisher plugin <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Plugin Name: ePaperFlip Publisher versions = 1...

6.4CVSS5.4AI score0.00192EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/06 4:28 a.m.43 views

CVE-2026-9829 Photo Gallery by 10Web <= 1.8.41 - Authenticated (Contributor+) SQL Injection via 'compact_album_order_by' Shortcode Parameter

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00325EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/05 10:28 p.m.34 views

CVE-2026-7654 Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...

8.8CVSS0.00652EPSS
Exploits1References10
Patchstack
Patchstack
added 2026/06/05 2:17 p.m.11 views

WordPress EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by UKO - Korea univ. in WordPress Plugin EmbedPress versions = 4.5.3...

6.4CVSS5.4AI score0.00234EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/01 10:46 a.m.12 views

WordPress Slider Revolution plugin 6.0.0-6.7.55, 7.0.0-7.0.14 - Missing Authorization to Authenticated (Contributor+) Arbitrary plugin Deactivation vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary plugin Deactivation vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Slider Revolution versions 6.0.0-6.7.55...

4.3CVSS5.8AI score0.00153EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/29 8:16 a.m.17 views

CVE-2026-9243

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS0.00273EPSS
Exploits0References4
Rows per page
Query Builder