Lucene search
K

4028 matches found

Nuclei
Nuclei
added 10 hours ago66 views

The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass

The Plus Addons for Elementor plugin before version 4.1.7 allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive. id: CVE-2021-24175 info: name: The Plus Addons for Elementor Pag...

9.8CVSS7AI score0.14462EPSS
Exploits3References2
NVD
NVD
added 3 days ago6 views

CVE-2026-11591

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

4.4CVSS0.00251EPSS
Exploits0References10
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-11591 Widgets for Google Reviews <= 13.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fomo-title' and 'fomo-text' Parameters

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

4.4CVSS0.00251EPSS
Exploits0References10
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43002

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6.2AI score0.0019EPSS
Exploits0References2
CVE
CVE
added 4 days ago15 views

CVE-2026-15295

CVE-2026-15295 affects the WordPress Infinite Scroll – Ajax Load More plugin for WordPress, vulnerable in all versions up to 7.0.1 due to insufficient input sanitization and output escaping. Stored XSS can be triggered by authenticated attackers with administrator-level permissions (and above) vi...

4.4CVSS6.2AI score0.0019EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-12108

The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00208EPSS
Exploits0References8
CVE
CVE
added 4 days ago7 views

CVE-2026-12108

The CVE-2026-12108 entry concerns the WordPress Highlighting Code Block plugin. Affected: the Highlighting Code Block plugin for WordPress (versions up to 2.2.0). Vulnerability: Stored Cross-Site Scripting via admin settings caused by insufficient input sanitization and output escaping. Impact: a...

4.4CVSS6.2AI score0.00208EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-12108 Highlighting Code Block <= 2.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'font_family' Setting

The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00208EPSS
Exploits0References8
NVD
NVD
added 4 days ago7 views

CVE-2026-12276

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

5.3CVSS0.00182EPSS
Exploits0References1
CVE
CVE
added 4 days ago8 views

CVE-2026-12276

Affected software: LA-Studio Element Kit for Elementor WordPress plugin

5.3CVSS5.8AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42829

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

5.3CVSS6AI score0.00182EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-12276

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

5.3CVSS6AI score0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-12276 LA-Studio Element Kit for Elementor < 1.6.1 - Unauthenticated Open Registration

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-15283 WPvivid Backup for MainWP <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00187EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-15283

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS6AI score0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago26 views

CVE-2026-58143 Cotonti Siena 0.9.26 CSRF via admin.php Config Update Endpoint

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS0.00175EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-14245

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the umresetpasswordprocesshook function performing no server-side...

9.8CVSS0.00586EPSS
Exploits0References10
NVD
NVD
added 6 days ago7 views

CVE-2026-14891

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS0.00316EPSS
Exploits0References1
CVE
CVE
added 6 days ago15 views

CVE-2026-14891

HashiCorp Nomad and Nomad Enterprise are affected by a sandbox escape in the Docker task driver that can allow a job submitter to bind-mount a host path into a container, potentially enabling reading/writing host files even when volume bind mounts are disabled. Affected versions include Nomad Com...

8.7CVSS6AI score0.00316EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42283

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS5.9AI score0.0017EPSS
Exploits0References2
Rows per page
Query Builder