Lucene search
K

84 matches found

Nuclei
Nuclei
added yesterday81 views

WordPress InPost Gallery <2.1.4.1 - Local File Inclusion

WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on...

9.8CVSS7.2AI score0.09519EPSS
Exploits2References5
EUVD
EUVD
added 2026/06/25 9:31 a.m.5 views

EUVD-2026-39188

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...

7.5CVSS5.9AI score0.00208EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 7:16 a.m.13 views

CVE-2026-9702

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...

7.5CVSS0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 6:0 a.m.31 views

CVE-2026-9702 InPost PL < 1.9.1 - Unauthenticated WooCommerce Order Parcel-Locker Hijacking

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...

0.00208EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 6:0 a.m.27 views

CVE-2026-9702

The CVE concerns the InPost PL WordPress plugin (before 1.9.1) failing to verify that a request to update the WooCommerce order parcel-locker destination originates from the legitimate buyer. This allows unauthenticated attackers to silently redirect the shipping destination of any pending or pro...

7.5CVSS5.9AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.11 views

CVE-2026-39574

Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...

9.3CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 9:0 a.m.20 views

CVE-2026-39574

CVE-2026-39574 : Unauthenticated SQL injection in the WordPress InPost Gallery plugin, affected versions ≤ 2.1.4.6. Root cause and exact exploit details are not provided in the documents; CVSS v3.1 base score 9.3 (CRITICAL, NETWORK, no privileges required, user interaction: none). No remediation ...

9.3CVSS5.7AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 9:0 a.m.34 views

CVE-2026-39574 WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...

9.3CVSS0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 9:0 a.m.9 views

EUVD-2026-37046

Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...

9.3CVSS5.8AI score0.00234EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/20 9:57 a.m.6 views

WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hivesec in WordPress Plugin InPost Gallery versions = 2.1.4.6...

5.8AI score0.00234EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.17 views

CVE-2026-0736

The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS5.7AI score0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.10 views

PT-2026-8066

The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' inpost head scriptsynth header script' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possib...

6.4CVSS5.7AI score0.00255EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.5 views

CVE-2025-11453

The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the inpostheadscript parameter in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.1AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 12:15 p.m.28 views

CVE-2025-11453

The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the inpostheadscript parameter in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00235EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/09 11:15 a.m.12 views

CVE-2025-11453 Header and Footer Scripts <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the inpostheadscript parameter in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00235EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.9 views

PT-2026-1694

Name of the Vulnerable Software and Affected Versions Header and Footer Scripts plugin for WordPress versions up to and including 2.2.2 Description The Header and Footer Scripts plugin for WordPress is susceptible to Stored Cross-Site Scripting through the inpost head script parameter. Insufficie...

6.4CVSS5.1AI score0.00235EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.29 views

EUVD-2023-32327

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00441EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27026

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00361EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-11121

Malicious code in bioql PyPI...

4.3CVSS6.2AI score0.00153EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-33729

Malicious code in bioql PyPI...

6.3CVSS8.8AI score0.0057EPSS
Exploits0References4
Rows per page
Query Builder