Lucene search
K

260 matches found

Nuclei
Nuclei
added yesterday27 views

Woo Inquiry <= 0.1 - SQL Injection

The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

10CVSS6.1AI score0.04317EPSS
Exploits1References3
CVE
CVE
added 4 days ago17 views

CVE-2026-12994

Technical details are not publicly available in the provided documents. The description summarizes the vulnerability but lacks concrete affected versions, components, and remediation specifics beyond general impact. Monitor for updates.

5.3CVSS6.2AI score0.00361EPSS
Exploits0References12
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-12994 WCFM – Frontend Manager for WooCommerce <= 6.7.27 - Missing Authorization to Unauthenticated Arbitrary Inquiry Reply Injection via wcfm-my-account-enquiry-manage Controller

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...

5.3CVSS0.00361EPSS
Exploits0References12
OSV
OSV
added 2026/06/30 8:22 a.m.3 views

SUSE-SU-2026:2690-1 Security update for sg3_utils

This update for sg3utils fixes the following issue Update to version 1.44763+23.769c9b5b: - sginq: --export output conformance for SCSI name string and ATA fields bsc1267823...

5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.12 views

CVE-2026-4090

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS5.5AI score0.00243EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: A bad drive in the topology results in a kernel crash. When the SAS Transport Layer support is enabled and a device is exposed to the operating system through the driver, if INQUIRY commands fail, the driver release...

7.8CVSS6.2AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/22 9:31 a.m.5 views

EUVD-2026-24656

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.00243EPSS
Exploits0References18
NVD
NVD
added 2026/04/22 9:16 a.m.8 views

CVE-2026-4090

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS0.00243EPSS
Exploits0References17
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.29 views

CVE-2026-4090 Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS0.00243EPSS
Exploits0References17
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:45 a.m.3 views

CVE-2026-4090

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.00243EPSS
Exploits0References18
CVE
CVE
added 2026/04/22 7:45 a.m.14 views

CVE-2026-4090

Technical details beyond the CVE entry are not provided in the connected documents. Monitor for updates on affected plugin versions and remediation status.

6.1CVSS5.7AI score0.00243EPSS
Exploits0References17
Vulnrichment
Vulnrichment
added 2026/04/22 7:45 a.m.4 views

CVE-2026-4090 Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.00243EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.12 views

PT-2026-34284

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rd ic settings page function when processing settings form submissions. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00243EPSS
Exploits0References19
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

WordPress plugin Inquiry Cart 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.7AI score0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/15 6:46 a.m.33 views

CVE-2026-6293 Inquiry form to posts or pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in version 1.0. This is due to missing nonce validation on the plugin settings update handler, combined with insufficient input sanitization on all...

4.3CVSS0.00219EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/04/15 12:0 a.m.5 views

WordPress Inquiry form to posts or pages plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inqheader' Parameter vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Inquiry form to posts or pages versions = 1.0...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.9 views

WordPress plugin Inquiry Form to Posts or Pages 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Version...

4.3CVSS5.6AI score0.00219EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.4 views

CVE-2026-5169

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input sanitization when saving via updateoption and lack of output escaping when displaying the stored...

4.4CVSS5.9AI score0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.6 views

EUVD-2026-20119

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input sanitization when saving via updateoption and lack of output escaping when displaying the stored...

4.4CVSS6.1AI score0.00254EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/08 6:43 a.m.23 views

CVE-2026-5169 Inquiry form to posts or pages <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input sanitization when saving via updateoption and lack of output escaping when displaying the stored...

4.4CVSS0.00254EPSS
Exploits0References7
Rows per page
Query Builder