Lucene search
K

602 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-61970

Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...

4.9CVSS0.00119EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-61970 WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 5.0.4 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...

4.9CVSS0.00119EPSS
Exploits0References1
CVE
CVE
added 2 days ago11 views

CVE-2026-61970

The CVE-2026-61970 entry concerns a Server-Side Request Forgery (SSRF) in the Themeisle Auto Featured Image (Auto Post Thumbnail) WordPress plugin. Affected versions are &lt;= 5.0.4 (reported as from n/a through

4.9CVSS6.1AI score0.00119EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-10041 WCFM – Frontend Manager for WooCommerce <= 6.7.27 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Vendor Data Manipulation via Multiple AJAX Handlers

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 via the wcfmproductarchive due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.0025EPSS
Exploits0References12
NVD
NVD
added 6 days ago8 views

CVE-2026-55424

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a topic "featured link" was not sufficiently normalized and escaped before being rendered in the topic list, allowing a user who can set a featured link to inject JavaScript when default Content...

7.4CVSS0.0027EPSS
Exploits0References9
CVE
CVE
added 6 days ago8 views

CVE-2026-55424

CVE-2026-55424 – Discourse topic featured link stored XSS . Discourse (open-source discussion platform) prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5 allowed a mis-normalized/undescoped topic feature link to inject JavaScript when default Content Security Policy protections were mo...

7.4CVSS6AI score0.0027EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-55424 Discourse: Topic featured link susceptible to stored XSS

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a topic "featured link" was not sufficiently normalized and escaped before being rendered in the topic list, allowing a user who can set a featured link to inject JavaScript when default Content...

7.4CVSS0.0027EPSS
Exploits0References9
OSV
OSV
added 6 days ago3 views

CVE-2026-55424 Discourse: Topic featured link susceptible to stored XSS

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a topic "featured link" was not sufficiently normalized and escaped before being rendered in the topic list, allowing a user who can set a featured link to inject JavaScript when default Content...

7.4CVSS6.1AI score0.0027EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-55424

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a topic "featured link" was not sufficiently normalized and escaped before being rendered in the topic list, allowing a user who can set a featured link to inject JavaScript when default Content...

7.4CVSS6AI score0.0027EPSS
Exploits0References10Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-57001

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description A topic featured link is not sufficiently normalized and escaped before being...

7.4CVSS6.1AI score0.0027EPSS
Exploits0References12
NVD
NVD
added 2026/07/01 8:16 a.m.9 views

CVE-2026-12435

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/01 7:53 a.m.7 views

EUVD-2026-40935

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-57431

Author Cross Site Scripting XSS in Featured Image = 2.1 versions...

6.5CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.32 views

CVE-2026-57431 WordPress Featured Image plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Author Cross Site Scripting XSS in Featured Image = 2.1 versions...

6.5CVSS0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39739

Author Cross Site Scripting XSS in Featured Image = 2.1 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.6 views

CVE-2026-57431

Author Cross Site Scripting XSS in Featured Image = 2.1 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 2:53 p.m.14 views

CVE-2026-57431

The CVE-2026-57431 entry describes an Author Cross Site Scripting (XSS) vulnerability in the WordPress Featured Image plugin, affecting versions

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/25 8:33 a.m.6 views

WordPress Featured Image plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Featured Image versions = 2.1...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/22 6:16 a.m.12 views

CVE-2026-7859

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...

5.3CVSS0.00117EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 6:0 a.m.5 views

CVE-2026-7859

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...

5.3CVSS6AI score0.00117EPSS
Exploits0References1
Rows per page
Query Builder