Lucene search
+L

44033 matches found

NVD
NVD
added yesterday5 views

CVE-2026-54243

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.24 and 6.20.1, form submission values in src/Forms/Exporters/CsvExporter.php were not neutralized for spreadsheet formula characters when exported to CSV. A submission containing a value beginning with a formula...

6.1CVSS
Exploits0References5
EUVD
EUVD
added yesterday5 views

EUVD-2026-45321

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.24 and 6.20.1, form submission values in src/Forms/Exporters/CsvExporter.php were not neutralized for spreadsheet formula characters when exported to CSV. A submission containing a value beginning with a formula...

6.1CVSS5.3AI score
Exploits0References5
Cvelist
Cvelist
added yesterday11 views

CVE-2026-54243 Statamic: CSV formula injection in form submission exports

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.24 and 6.20.1, form submission values in src/Forms/Exporters/CsvExporter.php were not neutralized for spreadsheet formula characters when exported to CSV. A submission containing a value beginning with a formula...

6.1CVSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-54243

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.24 and 6.20.1, form submission values in src/Forms/Exporters/CsvExporter.php were not neutralized for spreadsheet formula characters when exported to CSV. A submission containing a value beginning with a formula...

6.1CVSS5.3AI score
Exploits0References6Affected Software1
CVE
CVE
added yesterday26 views

CVE-2026-54243

CVE-2026-54243 affects Statamic CMS (Laravel/Git-powered). Prior to 5.73.24 and 6.20.1, form submission values exported to CSV via CsvExporter.php were not neutralized for spreadsheet formula characters. A value starting with =, +, -, or @ could be interpreted as a live formula when an editor ope...

6.1CVSS5.3AI score
Exploits0References5
Cvelist
Cvelist
added yesterday18 views

CVE-2026-9656 HubSpot All-In-One Marketing <= 11.3.62 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor Localized Script

The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.62 via the wplocalizescript / window.leadinConfig JavaScript object. This makes it possible for authenticated attackers, with...

4.3CVSS0.00158EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-9656 HubSpot All-In-One Marketing <= 11.3.62 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor Localized Script

The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.62 via the wplocalizescript / window.leadinConfig JavaScript object. This makes it possible for authenticated attackers, with...

4.3CVSS5.3AI score0.00158EPSS
Exploits0References6
NVD
NVD
added yesterday7 views

CVE-2026-15982

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomaticcallgoogleaifunction' function. This makes ...

9.8CVSS0.00294EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday16 views

CVE-2026-15982 Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit <= 2.8.4 - Unauthenticated Privilege Escalation via 'aiomatic_call_google_ai_function'

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomaticcallgoogleaifunction' function. This makes ...

9.8CVSS0.00294EPSS
Exploits0References2
EUVD
EUVD
added yesterday8 views

EUVD-2026-45142

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomaticcallgoogleaifunction' function. This makes ...

9.8CVSS6.3AI score0.00294EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-15982

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomaticcallgoogleaifunction' function. This makes ...

9.8CVSS5.8AI score0.00294EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-15982 Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit <= 2.8.4 - Unauthenticated Privilege Escalation via 'aiomatic_call_google_ai_function'

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomaticcallgoogleaifunction' function. This makes ...

9.8CVSS5.8AI score0.00294EPSS
Exploits0References2
CVE
CVE
added yesterday22 views

CVE-2026-15982

The CVE-2026-15982 entry describes a Privilege Escalation flaw in the Aimogen Pro WordPress plugin (&lt;= 2.8.4). The root cause is a missing capability check in the function aiomatic_call_google_ai_function, which allows unauthenticated attackers to use the aimogen_wp_god_mode tool to clear func...

9.8CVSS6.3AI score0.00294EPSS
Exploits0References2
NVD
NVD
added yesterday8 views

CVE-2026-15457

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.0.13 via the 'family' parameter. This makes it possible for authenticated attackers, with editor-level access and above, to delete...

4.9CVSS0.00766EPSS
Exploits0References10
Nuclei
Nuclei
added yesterday33 views

Safe Editor Plugin < 1.2 - CSS/JS-injection

The safe-editor plugin before 1.2 for WordPress has no sesave authentication, with resultant XSS. id: CVE-2016-10976 info: name: Safe Editor Plugin 1.2 - CSS/JS-injection author: Splint3r7 severity: medium description: | The safe-editor plugin before 1.2 for WordPress has no sesave authentication...

6.1CVSS6.2AI score0.01506EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday44 views

WordPress Admin Font Editor <=1.8 - Cross-Site Scripting

WordPress Admin Font Editor plugin indexisto 1.8 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.3AI score0.03432EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday477 views

Moodle - Cross-Site Scripting/Remote Code Execution

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...

6.5CVSS6.7AI score0.06583EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday13 views

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

6.1CVSS8AI score0.00563EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday118 views

GutenKit <= 2.1.0 - Arbitrary File Upload

The GutenKit Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the installandactivatepluginfromexternal function install-active-plugin REST API endpoint in all versions up to, a...

9.8CVSS8.7AI score0.10514EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday54 views

WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting

WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.3AI score0.04448EPSS
Exploits2References5
Rows per page
Query Builder