Lucene search
K

286 matches found

Nuclei
Nuclei
added 14 hours ago35 views

Featurific For WordPress 1.6.2 - Cross-Site Scripting

A cross-site scripting vulnerability in cachedimage.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. id: CVE-2011-5265 info: name: Featurific For WordPress 1.6.2 - Cross-Site Scripting author:...

4.3CVSS6AI score0.09964EPSS
Exploits0References4
Nuclei
Nuclei
added 14 hours ago14 views

SendGrid for WordPress <= 1.4 - SQL Injection

Smackcoders SendGrid for WordPress affected versions 1.4 and below contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2024-43965 info: name: SendGrid for...

9.8CVSS6.2AI score0.0188EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago86 views

WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection

WordPress Podlove Podcast Publisher plugin before 3.5.6 is susceptible to SQL injection. The Social & Donations module, not activated by default, adds the REST route /services/contributor/?P\d+ and takes id and category parameters as arguments. Both parameters can be exploited, thereby potentiall...

9.8CVSS7.2AI score0.09404EPSS
Exploits2References4
EUVD
EUVD
added 2026/06/27 6:0 a.m.7 views

EUVD-2026-39947

The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariffinfourl setting before outputting it in the frontend HTML via the generateshariff function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

5.8AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.24 views

CVE-2026-23970

The CVE covers WordPress plugin Redirection for Contact Form 7 (versions

7.1CVSS5.1AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.9 views

CVE-2026-4811

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9CVSS5.7AI score0.00311EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 6:45 a.m.34 views

CVE-2026-7621 SMTP2GO for WordPress <= 1.16.0 - Missing Authorization to Authenticated (Subscriber+) Log Read/Truncate

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

4.3CVSS0.0025EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/05/14 12:32 p.m.11 views

CVE-2026-4030 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...

8.1CVSS5.9AI score0.00464EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/08 9:31 a.m.6 views

EUVD-2026-20251

Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through = 2.3.6...

5.9AI score0.00165EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.3 views

CVE-2026-1781

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...

6.5CVSS5.8AI score0.00265EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 6:30 a.m.4 views

EUVD-2026-16084

The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noresults' parameter in all versions up to, and including, 7.8.2 due to insufficient input sanitization and output escaping on the user supplied...

6.1CVSS6AI score0.0027EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15542

Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through = 2.8...

5.8AI score0.00353EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.4 views

CVE-2026-23806

Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through = 2.8...

7.5CVSS0.00353EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.25 views

CVE-2026-23806 WordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through = 2.8...

7.5CVSS0.00353EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-23806 WordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through = 2.8...

7.5CVSS5.9AI score0.00353EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.9 views

CVE-2026-23806

CVE-2026-23806 corresponds to a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin Jobs for WordPress, affecting versions through 2.8. The issue arises from incorrectly configured access control security levels, potentially enabling unauthorized access or actions ...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/11 9:59 a.m.6 views

WordPress MC4WP: Mailchimp for WordPress plugin <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin MC4WP versions = 4.11.1...

6.5CVSS5.8AI score0.00265EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/11 1:22 a.m.31 views

CVE-2026-1781 MC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...

6.5CVSS0.00265EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/11 1:22 a.m.4 views

CVE-2026-1781

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...

6.5CVSS5.8AI score0.00265EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/06 7:55 a.m.8 views

CVE-2025-69343

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeroen Schmit Theater for WordPress theatre allows Stored XSS.This issue affects Theater for WordPress: from n/a through = 0.19...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Rows per page
Query Builder