Lucene search
+L

6548 matches found

Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-7655 SureCart <= 4.2.3 - Unauthenticated Linked WordPress Account Takeover via Forged customer.updated Webhook

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook...

8.1CVSS0.00302EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-43138

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-57403

Name of the Vulnerable Software and Affected Versions SureCart versions prior to 4.2.4 Description An issue exists that allows privilege escalation via account takeover. The software fails to properly validate a user's identity when updating details, such as the email address, during customer...

8.1CVSS6.1AI score0.00302EPSS
Exploits0References9
NVD
NVD
added 2026/07/10 6:16 p.m.9 views

CVE-2026-57475

Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access an...

6.9CVSS0.0034EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/10 5:10 p.m.9 views

EUVD-2026-42974

Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.9CVSS6.1AI score0.00279EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 5:10 p.m.12 views

CVE-2026-57474

The CVE entry CVE-2026-57474 concerns Deloitte AI Assist for Customer. Public-facing API endpoints accepted unauthenticated requests, exposing configuration information that could aid an attacker’s reconnaissance. The root cause is exposure of configuration data via unauthenticated access to API ...

6.9CVSS6.1AI score0.00279EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/07/10 5:16 a.m.8 views

CVE-2026-15291

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS0.0047EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/10 4:31 a.m.6 views

CVE-2026-15291

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References7
CVE
CVE
added 2026/07/10 4:31 a.m.11 views

CVE-2026-15291

The CVE-2026-15291 entry concerns the WordPress plugin Chat Help – Click to Chat Button & Form, vulnerable in all versions up to and including 3.1.3 due to missing authentication/authorization on REST endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/{id}. Unauthenticated atta...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References6
NVD
NVD
added 2026/07/09 9:16 p.m.5 views

CVE-2026-60120

Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. Th...

5.4CVSS0.00201EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/09 8:43 p.m.6 views

CVE-2026-60120

Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. Th...

5.4CVSS6.1AI score0.00201EPSS
Exploits0References4
NVD
NVD
added 2026/07/09 12:16 p.m.6 views

CVE-2026-9253

The WP Cost Estimation & Payment Forms Builder E&P Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customerInfos' parameter in all versions up to, and including, 10.5.97 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00204EPSS
Exploits0References2
CVE
CVE
added 2026/07/09 11:27 a.m.15 views

CVE-2026-9253

Summary : CVE-2026-9253 affects the WordPress plugin “WP Cost Estimation & Payment Forms Builder (E&P Forms)”. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) via the customerInfos parameter in all versions up to and including 10.5.97, caused by insufficient input sanitization and...

7.2CVSS6.1AI score0.00204EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/09 6:52 a.m.6 views

EUVD-2026-42526

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'color' Shortcode Attribute in all versions up to, and including, 5.113.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.1AI score0.00241EPSS
Exploits0References10
CVE
CVE
added 2026/07/09 6:52 a.m.11 views

CVE-2026-13771

The Customer Reviews for WooCommerce plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability via the color shortcode attribute in all versions up to 5.113.0, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at contri...

6.4CVSS6.1AI score0.00241EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/09 12:31 a.m.9 views

EUVD-2026-42491

Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network...

9.3CVSS6AI score0.00274EPSS
Exploits0References2
NVD
NVD
added 2026/07/09 12:17 a.m.9 views

CVE-2026-47646

Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network...

9.3CVSS0.00274EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/08 11:24 p.m.6 views

CVE-2026-47646 Dynamics 365 Customer Voice Spoofing Vulnerability

...

9.3CVSS5.9AI score0.00274EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 11:24 p.m.34 views

CVE-2026-47646 Dynamics 365 Customer Voice Spoofing Vulnerability

...

9.3CVSS0.00274EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 11:24 p.m.39 views

CVE-2026-47646

CVE-2026-47646 describes an improper neutralization of input during web page generation (XSS) in Dynamics 365 Customer Voice . The vulnerability allows an unauthenticated attacker to perform spoofing of the user interface over a network, as indicated by a high-impact, network-based CVSS score (CR...

9.3CVSS6AI score0.00274EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder