Lucene search
K

76 matches found

Cvelist
Cvelist
added 2026/06/15 8:18 p.m.24 views

CVE-2026-40779 WordPress Link Library plugin <= 7.8.8 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in Link Library = 7.8.8 versions...

7.7CVSS0.00327EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/07 7:22 a.m.5 views

CVE-2026-1401

The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS5.6AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 7:16 a.m.12 views

CVE-2026-1401

The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS0.00235EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/06 6:46 a.m.5 views

EUVD-2026-5611

The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS5.6AI score0.00235EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.9 views

PT-2026-6679

Name of the Vulnerable Software and Affected Versions Tune Library plugin for WordPress versions up to and including 1.6.3 Description The Tune Library plugin for WordPress is susceptible to Stored Cross-Site Scripting through the CSV import functionality. This is a result of inadequate input...

6.4CVSS5.7AI score0.00235EPSS
Exploits0References8
CVE
CVE
added 2025/12/24 1:10 p.m.8 views

CVE-2025-68600

CVE-2025-68600 describes a Server-Side Request Forgery in the WordPress plugin Link Library (link-library) , affecting versions up to

4.9CVSS5.9AI score0.00119EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/24 9:35 a.m.9 views

WordPress Link Library plugin <= 7.8.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Krissaphat Jankaew in WordPress Plugin Link Library versions = 7.8.7...

9.1CVSS5.4AI score0.00119EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/31 9:27 a.m.3 views

CVE-2025-12041 ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download

The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eriflfile' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to download files restricted to specific user...

5.3CVSS5AI score0.00233EPSS
Exploits0References2
CVE
CVE
added 2025/10/31 9:27 a.m.21 views

CVE-2025-12041

The CVE-2025-12041 entry concerns the WordPress ERI File Library plugin up to version 1.1.0, where a missing capability check on the erifl_file AJAX action allows unauthenticated attackers to download files restricted to specific user roles. Affected software: WordPress ERI File Library plugin (v...

5.3CVSS5AI score0.00233EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.22 views

EUVD-2021-24808

Malware in sbrugna...

6.1CVSS6.3AI score0.00938EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-2718

Malware in sbrugna...

7.8CVSS7.7AI score0.00383EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-12004

Malware in sbrugna...

6.5CVSS6.4AI score0.0048EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-2717

Malware in sbrugna...

7.8CVSS7.7AI score0.00351EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-17305

Malicious code in bioql PyPI...

6.5CVSS7.2AI score0.00415EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-51560

Malicious code in bioql PyPI...

4.8CVSS7.3AI score0.0047EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-17444

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00684EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:42 a.m.7 views

CVE-2024-5450

The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files...

9.1CVSS7.1AI score0.00754EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:34 a.m.7 views

CVE-2024-4281

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:31 a.m.13 views

CVE-2024-5604

The Bug Library WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:21 a.m.5 views

CVE-2024-1559

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'llreciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.5CVSS5.3AI score0.00415EPSS
Exploits0References1
Rows per page
Query Builder