Lucene search
+L

2826 matches found

nvd
nvd
added 5 days ago7 views

CVE-2026-7559

The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.3.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00304EPSS
Exploits0References12
cvelist
cvelist
added 5 days ago33 views

CVE-2026-7559 Affilia <= 3.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Status Modification

The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.3.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00304EPSS
Exploits0References12
cve
cve
added 5 days ago11 views

CVE-2026-7559

Technical details beyond what is in the Initial Description are not publicly provided in the connected documents. Monitor for updates to affected versions, remediation status, and exploit information.

4.3CVSS6.1AI score0.00304EPSS
Exploits0References12
nuclei
nuclei
added 5 days ago31 views

Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting

The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nscbarcontenthref' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS6.5AI score0.84461EPSS
Exploits0References4
cvelist
cvelist
added 6 days ago30 views

CVE-2026-12955 Cookie Banner for GDPR / CCPA <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification via gcc_save_schedule_scan AJAX Action

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdprcookieconsentajaxsaveschedulescan function the wpajaxgccsaveschedulescan AJAX action in versions up to, and including, 4.3.6...

4.3CVSS0.00196EPSS
Exploits0References5
euvd
euvd
added 6 days ago7 views

EUVD-2026-42844

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References7
cve
cve
added 6 days ago6 views

CVE-2026-14475

The CVE-2026-14475 entry relates to the WordPress plugin “WPLP Cookie Consent” (GDPR/CCPA banner) with a SQL Injection vulnerability via the scan_id parameter in all versions up to 4.3.6. The root cause is insufficient escaping of the user-supplied parameter and inadequate preparation of the exis...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References7
cvelist
cvelist
added 6 days ago31 views

CVE-2026-14475 Cookie Banner for GDPR / CCPA <= 4.3.6 - Authenticated (Administrator+) SQL Injection via 'scan_id' Parameter

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS0.00294EPSS
Exploits0References7
ossf
ossf
added last week9 views

Malicious code in polipoli-pak (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8693677ff1f1f887c11d3b4f6ad3f1742c7eefd07b6b8cfabd6cfccc32bc48f On npm install, postinstall.js runs automatically and performs two unauthorized actions against the installer. First, it POSTs a JSON fingerprint of...

6.1AI score
Exploits0References3
patchstack
patchstack
added last week5 views

WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Scan Schedule Modification vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.6...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1688 Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages

Impact A Nautobot user with admin privileges can modify the BANNERTOP, BANNERBOTTOM, and BANNERLOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages or specifically on...

7.5CVSS5.9AI score0.00606EPSS
Exploits1References9
nvd
nvd
added 2026/07/03 2:16 a.m.7 views

CVE-2026-12920

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00301EPSS
Exploits0References6
cve
cve
added 2026/07/03 1:28 a.m.20 views

CVE-2026-12920

The vulnerability affects the WordPress plugin GDPR Cookie Consent (WPLP Cookie Consent) for all versions up to and including 4.3.5. It is a generic SQL Injection via the 's' parameter caused by insufficient escaping and lack of proper SQL query preparation. Validated impact: authenticated attack...

4.9CVSS5.8AI score0.00301EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/03 1:28 a.m.39 views

CVE-2026-12920 Cookie Banner for GDPR / CCPA <= 4.3.5 - Authenticated (Administrator+) SQL Injection via 's' Parameter

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00301EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/07/03 12:0 a.m.12 views

PT-2026-55443

Name of the Vulnerable Software and Affected Versions Cookie Banner for GDPR / CCPA – WPLP Cookie Consent versions prior to 4.3.6 Description This issue is a generic SQL Injection, which occurs when an application fails to properly sanitize user input, allowing an attacker to interfere with the...

4.9CVSS6AI score0.00301EPSS
Exploits0References10
nvd
nvd
added 2026/06/24 1:16 p.m.9 views

CVE-2026-12242

The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before...

8.8CVSS0.00467EPSS
Exploits0References11
attackerkb
attackerkb
added 2026/06/24 12:33 p.m.6 views

CVE-2026-12242

The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before...

8.8CVSS6.2AI score0.00467EPSS
Exploits0References12
cve
cve
added 2026/06/24 12:33 p.m.25 views

CVE-2026-12242

CVE-2026-12242 affects the WordPress AdRotate Banner Manager plugin up to version 5.17.7. The vulnerability is PHP Code Injection via the banner attribute of the adrotate shortcode, caused by insufficient validation and sanitization before concatenation into a PHP code string wrapped in W3 Total ...

8.8CVSS6.2AI score0.00467EPSS
Exploits0References11
euvd
euvd
added 2026/06/24 12:33 p.m.11 views

EUVD-2026-38758

The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before...

8.8CVSS6.2AI score0.00467EPSS
Exploits0References11
patchstack
patchstack
added 2026/06/24 12:29 p.m.12 views

WordPress AdRotate Banner Manager plugin <= 5.17.7 - Authenticated (Contributor+) PHP Code Injection vulnerability

Authenticated Contributor+ PHP Code Injection vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin AdRotate Banner Manager versions = 5.17.7...

8.8CVSS5.9AI score0.00467EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder