Lucene search
K

591 matches found

EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43156

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...

5.3CVSS6.2AI score0.00361EPSS
Exploits0References12
EUVD
EUVD
added last week10 views

EUVD-2026-42011

The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...

8.7CVSS5.9AI score0.00231EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/07/02 11:16 a.m.37 views

CVE-2026-57758 WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...

7.1CVSS0.00094EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 8:16 a.m.7 views

CVE-2026-13733

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'nodatamsg' Shortcode Attribute in all versions up to, and including, 3.3.60 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00206EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/01 7:53 a.m.6 views

EUVD-2026-40923

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'nodatamsg' Shortcode Attribute in all versions up to, and including, 3.3.60 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.36 views

CVE-2026-57660 WordPress Booking and Rental Manager plugin <= 2.7.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Booking and Rental Manager = 2.7.1 versions...

5.3CVSS0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 6:0 a.m.8 views

EUVD-2026-39626

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugi...

6.5CVSS5.9AI score0.00342EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/06/19 8:59 a.m.12 views

WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin License Manager for WooCommerce versions = 3.0.15...

6.5CVSS5.8AI score0.00235EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.7 views

CVE-2026-52692 WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Affiliates Manager = 2.9.50 versions...

7.5CVSS5.2AI score0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 11:28 p.m.10 views

CVE-2026-9290 WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...

7.5CVSS6.3AI score0.02403EPSS
Exploits1References13
NVD
NVD
added 2026/06/04 2:16 a.m.13 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS0.003EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

WordPress plugin ad manager wd 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS5.5AI score0.0046EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

WordPress plugin SP Project & Document Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.5AI score0.003EPSS
Exploits0References4
CVE
CVE
added 2026/05/25 10:35 p.m.28 views

CVE-2026-42773

CVE-2026-42773 concerns the WordPress plugin eMagicOne Store Manager (versions up to 1.3.2). The connected documents identify a vulnerability of type SQL Injection (specifically a blind SQL injection) in this plugin. Affected component is the Store Manager code path handling SQL commands, with th...

9.3CVSS5.8AI score0.00372EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/25 10:30 p.m.8 views

CVE-2026-45216 WordPress Smart Manager plugin <= 8.85.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0...

8.8CVSS5.8AI score0.00389EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

WordPress plugin Smart Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

8.8CVSS5.8AI score0.00389EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.10 views

WordPress plugin Frontend File Manager Plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a...

6.5CVSS5.8AI score0.00212EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.10 views

WordPress plugin WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

8.1CVSS5.8AI score0.00328EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.4 views

CVE-2026-4057

The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...

4.3CVSS5.8AI score0.00373EPSS
Exploits0References1
NVD
NVD
added 2026/04/10 2:16 a.m.6 views

CVE-2026-4057

The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...

4.3CVSS0.00373EPSS
Exploits0References7
Rows per page
Query Builder