Lucene search
+L

8 matches found

vulnrichment
vulnrichment
added 2026/05/05 3:37 a.m.8 views

CVE-2026-2948 Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Server-Side Request Forgery via 'imageUrl'

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the importimages function. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.4CVSS5.9AI score0.00151EPSS
Exploits0References2
cve
cve
added 2026/05/05 3:37 a.m.15 views

CVE-2026-2948

The vulnerability CVE-2026-2948 affects the Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress (versions ≤ 3.5.3). It permits Server-Side Request Forgery via the import_images() function, exploitable by authenticated users with contributor-level access or higher. T...

6.4CVSS5.9AI score0.00151EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/05 3:37 a.m.4 views

CVE-2026-2948

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the importimages function. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.4CVSS5.9AI score0.00151EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.11 views

PT-2026-36962

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the import images function. This makes it possible for authenticated attackers, with contributor-level access and above, ...

6.4CVSS5.9AI score0.00151EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-24220

Malicious code in bioql PyPI...

4.9CVSS6.3AI score0.00508EPSS
Exploits1References4
redhatcve
redhatcve
added 2025/08/14 6:28 a.m.13 views

CVE-2025-8081

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the ImportImages::import function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access an...

4.9CVSS6.8AI score0.00508EPSS
Exploits1References1
nvd
nvd
added 2025/08/12 6:15 a.m.17 views

CVE-2025-8081

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the ImportImages::import function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access an...

4.9CVSS0.00508EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2025/08/12 12:0 a.m.11 views

PT-2025-32629 · WordPress · Elementor

Name of the Vulnerable Software and Affected Versions: Elementor plugin for WordPress versions up to and including 3.30.2 Description: The Elementor plugin for WordPress is susceptible to arbitrary file reading due to insufficient filename controls within the Import Images::import function...

4.9CVSS7.2AI score0.00508EPSS
Exploits1References11
Rows per page
Query Builder