Lucene search
K

7446 matches found

Patchstack
Patchstack
added 2026/06/01 7:45 p.m.14 views

WordPress Easy Cart plugin <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Easy Cart versions = 1.8...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/01 1:32 p.m.12 views

WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by HaiND in WordPress Plugin Easy Invoice versions = 2.1.19...

10CVSS5.8AI score0.00572EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/28 9:25 a.m.11 views

WordPress Easy Updates Manager plugin <= 9.0.20 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Easy Updates Manager versions = 9.0.20...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/28 8:16 a.m.13 views

CVE-2026-7660

The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...

6.1CVSS0.00205EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:45 a.m.10 views

CVE-2026-7660

The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...

6.1CVSS6AI score0.00205EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/28 6:45 a.m.10 views

EUVD-2026-32737

The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...

6.1CVSS6AI score0.00205EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/28 6:45 a.m.39 views

CVE-2026-7660 Easy Updates Manager <= 9.0.20 - Reflected Cross-Site Scripting via 'paged' Parameter

The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...

6.1CVSS0.00205EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/28 6:45 a.m.9 views

CVE-2026-7660 Easy Updates Manager <= 9.0.20 - Reflected Cross-Site Scripting via 'paged' Parameter

The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...

6.1CVSS6AI score0.00205EPSS
Exploits0References7
CVE
CVE
added 2026/05/28 6:45 a.m.19 views

CVE-2026-7660

The CVE concerns the Easy Updates Manager WordPress plugin (up to version 9.0.20). It is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter due to insufficient input sanitization and output escaping in the pagination() function, enabling injected scripts to run in pages when a...

6.1CVSS6AI score0.00205EPSS
Exploits0References7
NVD
NVD
added 2026/05/28 6:16 a.m.14 views

CVE-2026-7533

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...

4.3CVSS0.00135EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/28 5:30 a.m.10 views

EUVD-2026-32725

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/28 5:30 a.m.15 views

CVE-2026-7533

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References9
CVE
CVE
added 2026/05/28 5:30 a.m.20 views

CVE-2026-7533

The CVE concerns the Easy Digital Downloads WordPress plugin (versions up to and including 3.6.7). The root cause is missing nonce verification in handle_oauth_redirect(), which runs on admin_init and processes Square OAuth tokens from a user-supplied GET parameter without CSRF token validation. ...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/28 5:30 a.m.38 views

CVE-2026-7533 Easy Digital Downloads <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking via 'square_tokens' Parameter

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...

4.3CVSS0.00135EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/28 5:30 a.m.12 views

CVE-2026-7533 Easy Digital Downloads <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking via 'square_tokens' Parameter

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.19 views

PT-2026-44205

The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...

6.1CVSS6AI score0.00205EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

WordPress plugin Easy Digital Downloads 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.7AI score0.00135EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

WordPress plugin Easy Updates Manager 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.6AI score0.00205EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/05/27 5:18 p.m.16 views

WordPress Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking vulnerability

Cross-Site Request Forgery to Payment Account Hijacking vulnerability discovered by type5afe in WordPress Plugin Easy Digital Downloads versions = 3.6.7...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/27 11:16 a.m.17 views

CVE-2026-42747

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...

9.3CVSS0.00236EPSS
Exploits0References1
Rows per page
Query Builder