Lucene search
K

6809 matches found

Nuclei
Nuclei
added 7 hours ago81 views

PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download

The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtwpgaepbdwnldpdf function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which...

7.5CVSS7.1AI score0.07486EPSS
Exploits3References4
Nuclei
Nuclei
added 7 hours ago94 views

Plenti < v0.7.2 - OS Command Injection

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

9.3CVSS7AI score0.02763EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago52 views

Contact Form Generator <= 2.5.5 - Cross-Site Scripting

The Contact Form Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in wp-admin/admin.php in versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.1CVSS6.8AI score0.01231EPSS
Exploits3References2
Nuclei
Nuclei
added 7 hours ago45 views

WordPress WP Child Theme Generator < 1.1.3 - Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator- from n/a through 1.0.9. id: CVE-2023-47873 info: name: WordPress WP Child Theme Generator 1.1.3 - Arbitrary File Upload author: cysamu,Crux severity...

9.1CVSS7AI score0.02276EPSS
Exploits0References4
Nuclei
Nuclei
added 7 hours ago100 views

PDF Generator for WordPress < 1.1.2 - Cross Site Scripting

The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin id: CVE-2022-4321 info: name: PDF Generator for WordPress 1.1.2 - Cross Site Scripting author: r3Y3r53,HuTa0 severity: medium...

6.1CVSS6.4AI score0.01193EPSS
Exploits2References5
Nuclei
Nuclei
added 7 hours ago49 views

WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution

WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code executio...

6.1CVSS6.8AI score0.02205EPSS
Exploits1References5
Nuclei
Nuclei
added 7 hours ago140 views

Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-1780 info: name: Companion Sitemap Generator 4.5.3 - Cross-Site Scripting author:...

6.1CVSS6.7AI score0.00998EPSS
Exploits2References2
NVD
NVD
added yesterday6 views

CVE-2026-61500

Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's...

9.8CVSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-59515

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from n/a through = 1.5.4...

9.3CVSS0.004EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57413

Server-Side Request Forgery SSRF vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through = 2.1.4...

6.4CVSS0.0023EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57407

Server-Side Request Forgery SSRF vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through = 1.6.2...

7.2CVSS0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday19 views

CVE-2026-59515 WordPress AIWU plugin <= 1.5.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from n/a through = 1.5.4...

9.3CVSS0.004EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57407

The vulnerability concerns the WordPress plugin PDF Generator for WordPress (plugin name shown as pdf-generator-for-wp) and is described as a Server-Side Request Forgery (SSRF) . Affected versions are listed as “from n/a through

7.2CVSS6.1AI score0.00266EPSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-57413

CVE-2026-57413 describes a Server-Side Request Forgery (SSRF) vulnerability in the WordPress plugin “Instant Image Generator” (ai-image). The connected documents indicate the issue affects Instant Image Generator versions from n/a up to 2.1.4. The available details specify the vulnerability type ...

6.4CVSS6.1AI score0.0023EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday18 views

CVE-2026-57407 WordPress PDF Generator for WordPress plugin <= 1.6.2 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through = 1.6.2...

7.2CVSS0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday19 views

CVE-2026-57413 WordPress Instant Image Generator plugin <= 2.1.4 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through = 2.1.4...

6.4CVSS0.0023EPSS
Exploits0References1
EUVD
EUVD
added yesterday11 views

EUVD-2026-43253

A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \pig-master\pig-visual\pig-codegen\src\main\java\com\pig4cloud\pig\codegen\service\impl\GeneratorServiceImpl.java of the component pig-codegen. Such manipulation leads to...

6.5CVSS6.3AI score0.00376EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57718

Name of the Vulnerable Software and Affected Versions PDF Generator for WordPress versions prior to 1.6.3 Description A Server-Side Request Forgery SSRF issue exists in the PDF Generator for WordPress plugin. This flaw allows an unauthenticated attacker to induce the server to make requests to...

7.2CVSS6.1AI score0.00266EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago25 views

CVE-2026-15512 pig-mesh Pig pig-codegen GeneratorServiceImpl.java code injection

A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \pig-master\pig-visual\pig-codegen\src\main\java\com\pig4cloud\pig\codegen\service\impl\GeneratorServiceImpl.java of the component pig-codegen. Such manipulation leads to...

6.5CVSS0.00376EPSS
Exploits0References5
NVD
NVD
added 4 days ago8 views

CVE-2026-41482

Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were possible through secure local resource access in the Chrome PDF Generator. This issue is fixed in version 16.18.3...

7.1CVSS0.00338EPSS
Exploits0References6
Rows per page
Query Builder