Lucene search
+L

1005 matches found

CVE
CVE
added 2026/04/10 3:35 a.m.11 views

CVE-2026-2305

CVE-2026-2305 : The AddFunc Head & Footer Code WordPress plugin (versions up to and including 2.3) is vulnerable to Stored Cross-Site Scripting via the post meta keys aFhfc_head_code, aFhfc_body_code, and aFhfc_footer_code. The vulnerability arises because these values are output without sanitiza...

6.4CVSS6.1AI score0.002EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/04/10 12:12 a.m.10 views

WordPress AddFunc Head & Footer Code plugin <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Fields vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin AddFunc Head & Footer Code versions = 2.3...

6.4CVSS5.9AI score0.002EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/08 11:16 a.m.24 views

CVE-2026-3243 Advanced Members for ACF <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Path Traversal

The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the createcrop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

8.8CVSS0.00807EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/08 11:16 a.m.3 views

CVE-2026-3243 Advanced Members for ACF <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Path Traversal

The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the createcrop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

8.8CVSS6.6AI score0.00807EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

WordPress plugin Advanced Members for ACF 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS6.2AI score0.00807EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/26 3:30 p.m.8 views

EUVD-2018-21692

PDF Explorer 1.5.66.2 contains a structured exception handler SEH overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the...

8.6CVSS6.4AI score0.0022EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.5 views

CVE-2026-4066

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

4.3CVSS5.8AI score0.00289EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-4068

The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is due to missing nonce validation on the field deletion functionality in the admin display template. The plugin properly validates a nonce for the 'ad...

4.3CVSS5.8AI score0.00132EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 2:16 p.m.6 views

CVE-2018-25217

PDF Explorer 1.5.66.2 contains a structured exception handler SEH overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the...

8.6CVSS0.0022EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 1:24 p.m.3 views

CVE-2018-25217

PDF Explorer 1.5.66.2 contains a structured exception handler SEH overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the...

8.6CVSS6.4AI score0.0022EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 1:24 p.m.10 views

CVE-2018-25217 PDF Explorer 1.5.66.2 Structured Exception Handler Local Code Execution

PDF Explorer 1.5.66.2 contains a structured exception handler SEH overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the...

8.6CVSS6.4AI score0.0022EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/03/24 4:46 p.m.9 views

WordPress Smart Custom Fields plugin <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search vulnerability

Missing Authorization to Authenticated Contributor+ Sensitive Information Exposure via Relational Post Search vulnerability discovered by darkmode in WordPress Plugin Smart Custom Fields versions = 5.0.6...

4.3CVSS5.8AI score0.00289EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/23 11:17 p.m.7 views

CVE-2026-4066

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

4.3CVSS0.00289EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/23 10:25 p.m.33 views

CVE-2026-4066 Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

4.3CVSS0.00289EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/23 10:25 p.m.4 views

CVE-2026-4066

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

4.3CVSS5.8AI score0.00289EPSS
Exploits0References6
CVE
CVE
added 2026/03/23 10:25 p.m.31 views

CVE-2026-4066

The CVE concerns the Smart Custom Fields plugin for WordPress (affected: all versions up to and including 5.0.6). A missing capability check in relational_posts_search() allows authenticated users with Contributor-level access or higher to read private and draft posts from other authors via the s...

4.3CVSS5.8AI score0.00289EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/23 10:25 p.m.3 views

CVE-2026-4066 Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

4.3CVSS5.8AI score0.00289EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.9 views

WordPress plugin Smart Custom Fields 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00289EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.16 views

PT-2026-27252

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational posts search function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and...

4.3CVSS5.8AI score0.00289EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/03/19 10:50 p.m.8 views

WordPress Add Custom Fields to Media plugin <= 2.0.3 - Cross-Site Request Forgery to Custom Field Deletion via 'delete' Parameter vulnerability

Cross-Site Request Forgery to Custom Field Deletion via 'delete' Parameter vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Add Custom Fields to Media versions = 2.0.3...

4.3CVSS5.8AI score0.00132EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder