Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9655 matches found

EUVD
EUVDadded 2026/03/05 3:30 p.m.3 views

EUVD-2026-9819

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...

8.8CVSS6AI score0.00276EPSS
Exploits0References4
NVD
NVDadded 2026/03/05 2:16 p.m.3 views

CVE-2026-1720

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...

8.8CVSS0.00276EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/03/05 1:40 p.m.3 views

CVE-2026-3058

The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraphaccelapi AJAX action with fn=GetData. This is due to the OnAdminApiGetData function not performing any capability checks. This makes it...

4.3CVSS5.9AI score0.00316EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/05 1:40 p.m.4 views

CVE-2026-3056

The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References1
CVE
CVEadded 2026/03/05 1:24 p.m.7 views

CVE-2026-1720

The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check in the install_and_active_plugin function in all versions up to 1.4.24. This allows authenticated users with Subscriber-level access and above to i...

8.8CVSS6AI score0.00276EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/03/05 1:24 p.m.27 views

CVE-2026-1720 WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...

8.8CVSS0.00276EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/03/05 1:24 p.m.4 views

CVE-2026-1720

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...

8.8CVSS6AI score0.00276EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/03/05 7:51 a.m.4 views

CVE-2026-2732

The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00223EPSS
Exploits0References1
GithubExploit
GithubExploitadded 2026/03/05 6:37 a.m.120 views

Blueprint-POC

Sales-to-Delivery Agent Orchestration System - POC Phase 1...

5.9AI score
Exploits0
EUVD
EUVDadded 2026/03/05 6:30 a.m.2 views

EUVD-2026-9790

The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mlaupdatecompatfieldsaction function in all versions up to, and including, 3.33. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS6AI score0.00196EPSS
Exploits0References5
NVD
NVDadded 2026/03/05 6:16 a.m.4 views

CVE-2026-3072

The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mlaupdatecompatfieldsaction function in all versions up to, and including, 3.33. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00196EPSS
Exploits0References4
CVE
CVEadded 2026/03/05 5:26 a.m.14 views

CVE-2026-3072

CVE-2026-3072 affects the WordPress plugin Media Library Assistant (MLA) up to and including version 3.33. The vulnerability arises from a missing capability check in mla_update_compat_fields_action(), allowing authenticated attackers with Subscriber-level access or higher to modify taxonomy term...

4.3CVSS6AI score0.00196EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/03/05 5:26 a.m.27 views

CVE-2026-3072 Media Library Assistant <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification

The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mlaupdatecompatfieldsaction function in all versions up to, and including, 3.33. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00196EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/05 5:26 a.m.3 views

CVE-2026-3072

The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mlaupdatecompatfieldsaction function in all versions up to, and including, 3.33. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS6AI score0.00196EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/03/05 12:0 a.m.3 views

WordPress plugin Media Library Assistant 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/03/05 12:0 a.m.3 views

PT-2026-23130

Name of the Vulnerable Software and Affected Versions Fluent Forms Pro Add On Pack versions up to and including 6.1.17 Description The Fluent Forms Pro Add On Pack plugin for WordPress has a missing authorization issue. The deleteFile method within the Uploader class does not properly verify nonc...

6.5CVSS5.8AI score0.00223EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/03/05 12:0 a.m.4 views

PT-2026-23135

Name of the Vulnerable Software and Affected Versions Media Library Assistant plugin for WordPress versions prior to 3.34 Description The software is susceptible to unauthorized data modification because of a missing capability check within the mla update compat fields action function...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/03/05 12:0 a.m.5 views

PT-2026-23448

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'install and active plugin' function in all versions up to, and including, 1.4.24...

8.8CVSS6AI score0.00276EPSS
Exploits0References4
EUVD
EUVDadded 2026/03/04 12:30 p.m.2 views

EUVD-2026-9394

The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References5
NVD
NVDadded 2026/03/04 12:16 p.m.5 views

CVE-2026-3058

The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraphaccelapi AJAX action with fn=GetData. This is due to the OnAdminApiGetData function not performing any capability checks. This makes it...

6.5CVSS0.00316EPSS
Exploits0References4
Rows per page
Query Builder