Lucene search
+L

1715 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/05 1:27 p.m.6 views

CVE-2026-4304

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.00294EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/05 1:27 p.m.54 views

CVE-2026-4304 WeePie Cookie Allow <= 3.4.11 - Unauthenticated SQL Injection via 'consent' Parameter

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.00294EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/05 1:27 p.m.6 views

CVE-2026-4304 WeePie Cookie Allow <= 3.4.11 - Unauthenticated SQL Injection via 'consent' Parameter

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.00294EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.22 views

PT-2026-37045

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.00294EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.13 views

WordPress plugin WeePie Cookie Allow SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.16 views

CVE-2026-5113

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...

7.2CVSS6AI score0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/04 6:28 p.m.7 views

EUVD-2026-27100

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirecturi values to be registered. When a user denies the MCP OAuth consent dialog,...

5.1CVSS5.9AI score0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/04 6:28 p.m.69 views

CVE-2026-42230 n8n: Open Redirect in MCP OAuth Consent Flow

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirecturi values to be registered. When a user denies the MCP OAuth consent dialog,...

5.1CVSS0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:28 p.m.6 views

CVE-2026-42230

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirecturi values to be registered. When a user denies the MCP OAuth consent dialog,...

5.1CVSS5.9AI score0.00181EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/04 6:28 p.m.32 views

CVE-2026-42230

Affected software: n8n open source workflow automation platform. Vulnerability: Open redirect via the MCP OAuth flow. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint allowed unauthenticated OAuth client registrations, enabling arbitrary redirect_uri values. If a u...

6.1CVSS5.9AI score0.00181EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/04 6:28 p.m.3 views

CVE-2026-42230 n8n: Open Redirect in MCP OAuth Consent Flow

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirecturi values to be registered. When a user denies the MCP OAuth consent dialog,...

5.1CVSS6AI score0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.20 views

PT-2026-36902

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description The '/mcp-oauth/register' endpoint allows OAuth client registrations without authentication, which permits the registration of arbitrary...

5.1CVSS5.9AI score0.00181EPSS
Exploits0References5
NVD
NVD
added 2026/05/02 6:16 a.m.38 views

CVE-2026-5113

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...

7.2CVSS0.00239EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/02 5:29 a.m.18 views

EUVD-2026-26745

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...

7.2CVSS6AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 2026/05/02 5:29 a.m.19 views

CVE-2026-5113

Gravity Forms for WordPress &lt;= 2.10.0 is affected by a stored cross-site scripting (XSS) flaw in the Consent field hidden input. The issue arises from flawed state validation: input is sanitized by wp_kses() and two hashes (raw vs. sanitized) are compared; validation only fails if both hashes ...

7.2CVSS6AI score0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/02 5:29 a.m.60 views

CVE-2026-5113 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Consent Field Hidden Input

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...

7.2CVSS0.00239EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/02 5:29 a.m.4 views

CVE-2026-5113

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...

7.2CVSS6AI score0.00239EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/02 5:29 a.m.7 views

CVE-2026-5113 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Consent Field Hidden Input

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...

7.2CVSS6AI score0.00239EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.11 views

WordPress plugin Gravity Forms 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.8AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.13 views

PT-2026-36577

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wp kses, combined with insufficient output...

7.2CVSS6AI score0.00239EPSS
Exploits0References3
Rows per page
Query Builder