Lucene search
K

12032 matches found

Patchstack
Patchstack
added yesterday4 views

WordPress Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin <= 6.1.4 - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Page Builder for Gutenberg Blocks & Patterns plugin = 6.1.4 - Page Builder for Gutenberg Blocks & Patterns = 6.1.4 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Viet Anh Ngo in WordPress Plugin Essential Blocks for Gutenberg versions = 6.1.4...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
CVE
CVE
added yesterday4 views

CVE-2026-56231

Capgo prior to 12.128.2 contains a broken object level authorization (BOLA) in build endpoints: POST /build/start/:jobId and POST /build/cancel/:jobId. The handlers validate only the attacker-controlled app_id in the request body and fail to verify that the URL jobId belongs to the same app/tenan...

7.6CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-38738

Capgo before 12.128.2 contains a broken object level authorization BOLA vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled appid supplied in the request body and never verify that the jobI...

7.6CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-56052

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5...

7.6CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-56052

CVE-2026-56052 is a SQL Injection vulnerability in WordPress Funnel Builder by FunnelKit up to version 3.15.0.5. The root cause is improper neutralization of certain elements in SQL commands, enabling blind SQL injection. Affected product: Funnel Builder by FunnelKit (WordPress plugin). CVSS 3.1 ...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-56052

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added yesterday8 views

EUVD-2026-38713

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-56052 WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5...

7.6CVSS0.00226EPSS
Exploits0References1
Patchstack
Patchstack
added yesterday5 views

WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Funnel Builder by FunnelKit versions = 3.15.0.5...

7.6CVSS6AI score0.00226EPSS
Exploits0Affected Software1
Nuclei
Nuclei
added yesterday26 views

Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection

The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.This makes ...

7.5CVSS7.3AI score0.35077EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday9 views

WordPress Popup Builder < 4.0.7 - Remote Code Execution

Popup Builder WordPress plugin before 4.0.7 contains a local file inclusion caused by unsanitized 'sgpbtype' parameter in require statement, letting attackers include arbitrary local files or execute code via wrappers like PHAR, exploit requires attacker to control 'sgpbtype' parameter. id:...

8.8CVSS7.5AI score0.05365EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday21 views

Infographic Maker iList < 4.3.8 - SQL Injection

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection. id: CVE-2022-0747 info:...

9.8CVSS7.3AI score0.15254EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday26 views

Popup Builder < 4.0.7 - SQL Injection

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection. id: CVE-2022-0228 info: name: Popup Builder 4.0.7 -...

7.2CVSS7.1AI score0.05839EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday27 views

Popup Builder Plugin - SQL Injection and Cross-Site Scripting

The Popup Builder WordPress plugin before 4.1.1 is vulnerable to SQL Injection and Reflected XSS via the sgpb-subscription-popup-id parameter. id: CVE-2022-0479 info: name: Popup Builder Plugin - SQL Injection and Cross-Site Scripting author: ritikchaddha severity: critical description: | The Pop...

9.8CVSS7.4AI score0.4408EPSS
Exploits2
Nuclei
Nuclei
added yesterday29 views

WordPress Visual Form Builder <3.0.8 - Information Disclosure

WordPress Visual Form Builder plugin before 3.0.8 contains a information disclosure vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint. id: CVE-2022-0140 info: name:...

5.3CVSS6.1AI score0.0377EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday13 views

Profile Builder < 3.4.9 - Improper Authentication

The Profile Builder plugin before 3.4.9 for WordPress allows unauthenticated attackers to gain administrative access by exploiting an improper authentication vulnerability in the password reset functionality. An attacker can reset the password of any user, including administrators, without proper...

10CVSS7.2AI score0.07696EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday17 views

Schneider Electric U.motion Builder - Remote Code Execution

U.motion Builder 1.3.4 contains a remote code execution vulnerability caused by improper input sanitization, allowing attackers to execute arbitrary system commands through crafted input parameters. id: CVE-2018-7841 info: name: Schneider Electric U.motion Builder - Remote Code Execution author:...

9.8CVSS8.1AI score0.72486EPSS
Exploits6References4
Nuclei
Nuclei
added yesterday9 views

WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection id: CVE-2023-0037 info: name: WordPress 10Web Map...

9.8CVSS7.3AI score0.03911EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday117 views

Kubio AI Page Builder <= 2.5.1 - Local File Inclusion

The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

9.8CVSS8.1AI score0.77251EPSS
Exploits12References3
Nuclei
Nuclei
added yesterday15 views

WordPress Themify Builder < 7.5.8 - Open Redirect

The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...

6.1CVSS5.8AI score0.00823EPSS
Exploits2References2
Rows per page
Query Builder