Lucene search
K

15573 matches found

Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55522

Name of the Vulnerable Software and Affected Versions RTMKit versions prior to 2.0.8 Description The RTMKit rometheme-for-elementor plugin for WordPress contains a Local File Inclusion flaw. This occurs because the render templates AJAX endpoint does not properly validate the template parameter...

4.3CVSS6.2AI score0.00266EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55514

Name of the Vulnerable Software and Affected Versions Ad Inserter – Ad Manager & AdSense Ads versions prior to 2.8.17 Description An Insecure Direct Object Reference exists via the data attribute of the adinserter shortcode. The replace ai tags function processes a reusable-block-N tag pattern th...

4.3CVSS6AI score0.00273EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55442

Name of the Vulnerable Software and Affected Versions weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot versions prior to 2.3.1 Description Insufficient input sanitization and output escaping allow authenticated attackers with contributor-level access and above to perform...

6.4CVSS6.1AI score0.00206EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55517

Name of the Vulnerable Software and Affected Versions Zakra versions prior to 4.2.1 Description The Zakra theme for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the theme registers three post meta fields—zakra menu item color, zakra menu item hover color, and zakra...

6.4CVSS6.1AI score0.00187EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55509

Name of the Vulnerable Software and Affected Versions Quiz and Survey Master QSM – Easy Quiz and Survey Maker versions prior to 11.1.5 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attacker...

4.3CVSS5.8AI score0.00312EPSS
Exploits0References19
Patchstack
Patchstack
added 2026/07/02 6:30 p.m.6 views

WordPress Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Quiz Modification and Email Reroute vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Quiz Modification and Email Reroute vulnerability discovered by Kirasec in WordPress Plugin Quiz And Survey Master versions = 11.1.4...

4.3CVSS5.9AI score0.00312EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/02 5:43 p.m.6 views

WordPress RTMKit plugin <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin RTMKit versions = 2.0.7...

6.4CVSS5.9AI score0.00245EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.8 views

CVE-2026-57765

Contributor SQL Injection in WP EasyCart = 5.9.0 versions...

8.5CVSS0.0022EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 12:0 p.m.5 views

WordPress weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin weDocs versions = 2.3.0...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.10 views

CVE-2026-57765

Contributor SQL Injection in WP EasyCart = 5.9.0 versions...

8.5CVSS5.8AI score0.0022EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.12 views

CVE-2026-57756

Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...

8.5CVSS5.8AI score0.0022EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 10:16 a.m.6 views

CVE-2026-13252

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'aspectRatio' Attribute in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. Th...

6.4CVSS0.00274EPSS
Exploits0References6
CVE
CVE
added 2026/07/02 8:33 a.m.13 views

CVE-2026-13252

The CVE-2026-13252 entry concerns the WordPress plugin RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator. Affected: the plugin’s handling of the aspectRatio attribute allows Stored Cross-Site Scripting due to insufficient input sanitization and output es...

6.4CVSS5.9AI score0.00274EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 6:16 a.m.9 views

CVE-2026-11781

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

2.7CVSS0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 6:0 a.m.39 views

CVE-2026-11781 Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 6:0 a.m.16 views

CVE-2026-11781

The CVE-2026-11781 entry affects the Adminify WordPress plugin prior to version 4.2.10. The vulnerability arises because the plugin does not perform per-user read-capability checks on results returned by an administration search feature. As a result, users with a low-privilege role (Contributor) ...

2.7CVSS5.7AI score0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.39 views

CVE-2026-11592 Email Subscribers & Newsletters <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX Action

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

4.3CVSS0.00272EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-55043

Name of the Vulnerable Software and Affected Versions Mosaic Gallery – Advanced Gallery versions prior to 1.2.1 Description A Cross Site Scripting XSS issue exists that allows users with Contributor privileges to execute malicious scripts. XSS is a type of security flaw where an attacker injects...

6.5CVSS6AI score0.00139EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-55037

Name of the Vulnerable Software and Affected Versions SportsPress Pro versions 2.7.29 and earlier Description A Local File Inclusion LFI issue exists where users with Contributor privileges can read local files on the server. Local File Inclusion is a vulnerability that allows an attacker to indu...

7.5CVSS5.9AI score0.00278EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/07/01 5:17 p.m.4 views

WordPress Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification vulnerability

Missing Authorization to Authenticated Contributor+ Settings Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Email Subscribers & Newsletters versions = 5.9.27...

4.3CVSS5.8AI score0.00272EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder