Lucene search
K

855 matches found

The Hacker News
The Hacker News
added 2026/06/15 9:59 a.m.13 views

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage , OptinMonster , and TrustPulse , turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker'...

8.1CVSS6.2AI score0.03578EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-49044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...

6.5CVSS5.4AI score0.00182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.8 views

CVE-2026-6415

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...

6.4CVSS5.7AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.7 views

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

5.3CVSS5.4AI score0.00327EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/03 11:45 a.m.9 views

WordPress MasterStudy LMS Pro plugin <= 4.8.20 - Authenticated (Instructor+) SQL Injection vulnerability

Authenticated Instructor+ SQL Injection vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin MasterStudy LMS Pro versions = 4.8.20...

6.5CVSS5.9AI score0.00217EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/27 3:16 p.m.16 views

CVE-2026-49044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...

6.5CVSS0.00182EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 2:46 p.m.10 views

CVE-2026-49044 WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...

6.5CVSS5.8AI score0.00182EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:46 p.m.26 views

CVE-2026-49044

The CVE-2026-49044 entry affects WordPress Plugin Advanced Custom Fields: Font Awesome Field (versions

6.5CVSS5.8AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 2:46 p.m.13 views

EUVD-2026-32537

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...

6.5CVSS5.8AI score0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:46 p.m.45 views

CVE-2026-49044 WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...

6.5CVSS0.00182EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/27 2:45 p.m.15 views

WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Advanced Custom Fields: Font Awesome Field versions = 5.0.2...

6.5CVSS5.8AI score0.00182EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

WordPress plugin Advanced Custom Fields: Font Awesome Field 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00182EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.19 views

PT-2026-44022

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...

6.5CVSS5.8AI score0.00182EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/15 10:42 a.m.11 views

WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Nguyen Cong Quang in WordPress Plugin Advanced Custom Fields: Font Awesome Field versions = 5.0.2...

6.4CVSS5.8AI score0.00274EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/15 9:16 a.m.37 views

CVE-2026-6415

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...

6.4CVSS0.00274EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/15 7:46 a.m.46 views

CVE-2026-6415 Advanced Custom Fields: Font Awesome Field <= 5.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via JSON Field

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...

6.4CVSS0.00274EPSS
Exploits0References6
CVE
CVE
added 2026/05/15 7:46 a.m.16 views

CVE-2026-6415

The CVE concerns the Advanced Custom Fields: Font Awesome plugin for WordPress. It is vulnerable to a Stored Cross-Site Scripting (Stored XSS) in versions up to and including 5.0.2. The root cause is insufficient input validation of JSON field values and unsafe client-side HTML construction in th...

6.4CVSS6AI score0.00274EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:46 a.m.7 views

CVE-2026-6415

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...

6.4CVSS6AI score0.00274EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/15 7:46 a.m.7 views

CVE-2026-6415 Advanced Custom Fields: Font Awesome Field <= 5.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via JSON Field

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...

6.4CVSS6AI score0.00274EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/15 7:46 a.m.11 views

EUVD-2026-30521

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...

6.4CVSS6AI score0.00274EPSS
Exploits0References6
Rows per page
Query Builder