Lucene search
K

1038 matches found

NVD
NVD
added 6 hours ago3 views

CVE-2026-11579

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not verify that a file upload is made against an existing form configured with a file-upload field, accepting uploads regardless of whether any such form exists, which allows unauthenticated users to upload...

5.3CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 hours ago2 views

CVE-2026-11579

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not verify that a file upload is made against an existing form configured with a file-upload field, accepting uploads regardless of whether any such form exists, which allows unauthenticated users to upload...

6.2AI score
Exploits0References1
Cvelist
Cvelist
added 6 hours ago8 views

CVE-2026-11579 Kali Forms < 2.4.17 - Unauthenticated Media Upload

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not verify that a file upload is made against an existing form configured with a file-upload field, accepting uploads regardless of whether any such form exists, which allows unauthenticated users to upload...

Exploits0References1
EUVD
EUVD
added 6 hours ago6 views

EUVD-2026-44592

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not verify that a file upload is made against an existing form configured with a file-upload field, accepting uploads regardless of whether any such form exists, which allows unauthenticated users to upload...

5.3CVSS6.2AI score
Exploits0References1
CVE
CVE
added 6 hours ago7 views

CVE-2026-11579

The CVE-2026-11579 entry concerns the Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin prior to version 2.4.17. The root cause is that file uploads are not verified against an existing form configured with a file-upload field, allowing unauthenticated users to upload files to th...

6.2AI score
Exploits0References1
Nuclei
Nuclei
added 8 hours ago22 views

Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion

Media Library Assistant plugin for WordPress before 2.82 contains a local file inclusion caused by unsanitized mlagallery link parameter, letting attackers include arbitrary local files, exploit requires access to the vulnerable link. id: CVE-2020-11732 info: name: Media Library Assistant 2.82 -...

7.5CVSS7AI score0.04917EPSS
Exploits4References1
Nuclei
Nuclei
added 8 hours ago25 views

WordPress Media Library Assistant <= 3.34 - SQL Injection

David Lingren Media Library Assistant = 3.34 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2026-34885 info: name: WordPress Media Library Assistant = 3.34 -...

8.5CVSS6.3AI score0.01668EPSS
Exploits0References3
Nuclei
Nuclei
added 8 hours ago126 views

Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion

A vulnerability in the Wordpress Media-Library-Assistant plugins in version 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration. id: CVE-2023-4634 info: name: Media Library Assistant 3.09 - Remote Code Execution/Local File Inclusion...

9.8CVSS7AI score0.82585EPSS
Exploits6References5
NVD
NVD
added 2 days ago6 views

CVE-2026-15518

A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php of the component Media Library Insert Page. Such manipulation of the argument qqfilename leads to...

5.8CVSS0.00248EPSS
Exploits0References5
CVE
CVE
added 2 days ago21 views

CVE-2026-15518

AREA 17 Twill CMS

5.8CVSS5.7AI score0.00248EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-15518 AREA 17 Twill CMS Media Library Insert FileLibraryController.php storeFile unrestricted upload

A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php of the component Media Library Insert Page. Such manipulation of the argument qqfilename leads to...

5.8CVSS0.00248EPSS
Exploits0References5
NVD
NVD
added 5 days ago6 views

CVE-2026-6802

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdccustominit function, which processes the 'eufdc-delete' parameter without any nonce verification,...

5.3CVSS0.00243EPSS
Exploits0References8
NVD
NVD
added 2026/06/18 2:17 p.m.13 views

CVE-2026-56012

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

8.5CVSS0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 2:2 p.m.7 views

CVE-2026-56012

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

8.5CVSS5.5AI score0.00211EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 2:2 p.m.35 views

CVE-2026-56012

The CVE concerns the WordPress plugin Media Library Assistant (vulnerable from unknown through 3.35). The issue is an SQL Injection due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected component is the plugin’s data handling for user input in ...

8.5CVSS5.6AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 2:2 p.m.10 views

EUVD-2026-37895

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

8.5CVSS5.6AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 2:2 p.m.20 views

CVE-2026-56012 WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

8.5CVSS0.00211EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/18 2:1 p.m.8 views

WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Media LIbrary Assistant versions = 3.35...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/16 10:16 a.m.10 views

CVE-2026-54198

Unauthenticated Cross Site Scripting XSS in Media LIbrary Assistant = 3.35 versions...

7.1CVSS0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 9:0 a.m.33 views

CVE-2026-54198 WordPress Media LIbrary Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Media LIbrary Assistant = 3.35 versions...

7.1CVSS0.00146EPSS
Exploits0References1
Rows per page
Query Builder