Lucene search
K

7447 matches found

Nuclei
Nuclei
added 15 hours ago176 views

EasySpider 0.6.2 - Arbitrary File Read

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...

8.8CVSS5.6AI score0.03333EPSS
Exploits1References6
Nuclei
Nuclei
added 15 hours ago101 views

WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection

WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edddownloadsearch action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

9.8CVSS7.1AI score0.11172EPSS
Exploits2References5
Nuclei
Nuclei
added 15 hours ago27 views

WordPress Easy Student Results <=2.2.8 - Improper Authorization

WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as...

7.5CVSS7AI score0.02801EPSS
Exploits2References5
Nuclei
Nuclei
added 15 hours ago26 views

Easy Appointments <= 3.12.21 - Information Disclosure

Easy Appointments WordPress plugin = 3.12.21 contains a sensitive information exposure caused by an unauthenticated REST API endpoint /wp-json/wp/v2/eablocks/eaappointments/ registered with permissioncallback allowing unrestricted access, letting unauthenticated attackers extract sensitive custom...

7.5CVSS7AI score0.0239EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago82 views

WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12. id: CVE-2024-5057 info: name: WordPress Easy Digital Downloads = 3.2.12 - SQL Injecti...

9.8CVSS6.1AI score0.02588EPSS
Exploits0References3
Nuclei
Nuclei
added 15 hours ago47 views

Easy Digital Downloads - Privilege Escalation

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. id: CVE-2023-30869 info: name: Easy Digital Downloads - Privilege Escalation author: daffainfo severity: critical...

9.8CVSS7AI score0.031EPSS
Exploits0References3
Nuclei
Nuclei
added 15 hours ago72 views

Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admininit function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the...

9.8CVSS7AI score0.04461EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago63 views

WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting

WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled. id:...

6.1CVSS6.4AI score0.01388EPSS
Exploits2References5
Nuclei
Nuclei
added 15 hours ago55 views

WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting

The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $SERVER'PHPSELF' in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path...

6.1CVSS6.4AI score0.0236EPSS
Exploits2References5
NVD
NVD
added 4 days ago6 views

CVE-2026-6802

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdccustominit function, which processes the 'eufdc-delete' parameter without any nonce verification,...

5.3CVSS0.00243EPSS
Exploits0References8
NVD
NVD
added 4 days ago6 views

CVE-2026-11992

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS0.0028EPSS
Exploits0References9
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42850

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References9
CVE
CVE
added 4 days ago6 views

CVE-2026-11992

The CVE-2026-11992 entry concerns the WordPress plugin Easy Appointments (versions up to 3.12.27). The root cause is an authorization bypass: the plugin does not properly verify a user’s permission for actions, enabling authenticated users with author-level access or higher to cancel all upcoming...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-11992

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-6802 Easy Upload Files During Checkout <= 3.0.1 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion via 'eufdc-delete' Parameter

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdccustominit function, which processes the 'eufdc-delete' parameter without any nonce verification,...

5.3CVSS0.00243EPSS
Exploits0References8
Patchstack
Patchstack
added 5 days ago5 views

WordPress Easy Upload Files During Checkout plugin <= 3.0.1 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Easy Upload Files During Checkout versions = 3.0.1...

5.3CVSS6.1AI score0.00243EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 5 days ago5 views

WordPress Easy Appointments plugin <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation vulnerability

Missing Authorization to Authenticated Author+ Bulk Appointment Manipulation vulnerability discovered by armx64 in WordPress Plugin Easy Appointments versions = 3.12.27...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References1Affected Software1
NVD
NVD
added 5 days ago6 views

CVE-2026-9021

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS0.00297EPSS
Exploits0References10
CVE
CVE
added 5 days ago11 views

CVE-2026-9021

The CVE concerns the WordPress plugin Easy Invoice (WordPress plugin) with vulnerability in versions up to 2.1.19. The root cause is Missing Authorization via AJAX actions easy_invoice_accept_quote and easy_invoice_decline_quote , registered with wp_ajax_nopriv_ hooks and relying on a quote-scope...

5.3CVSS6AI score0.00297EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-9021

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS6AI score0.00297EPSS
Exploits0References11
Rows per page
Query Builder