Lucene search
K

152 matches found

Nuclei
Nuclei
added 10 hours ago42 views

Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server id: CVE-2023-5991 info: name: Hotel Booking...

9.8CVSS7.5AI score0.03313EPSS
Exploits2References2
NVD
NVD
added yesterday8 views

CVE-2026-13454

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00361EPSS
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-13454

CVE-2026-13454 affects MotoPress Appointment Booking for WordPress (

6.5CVSS5.8AI score0.00361EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday27 views

CVE-2026-13454 MotoPress Appointment Booking <= 2.4.5 - Authenticated (Staff+) SQL Injection via 's' Parameter

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00361EPSS
Exploits0References6
Patchstack
Patchstack
added 2 days ago5 views

WordPress MotoPress Appointment Booking plugin <= 2.4.5 - Authenticated (Staff+) SQL Injection vulnerability

Authenticated Staff+ SQL Injection vulnerability discovered by MatilJ in WordPress Plugin MotoPress Appointment Booking versions = 2.4.5...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 6 days ago7 views

EUVD-2025-210352

Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References2
NVD
NVD
added 6 days ago7 views

CVE-2026-57644

Contributor SQL Injection in Restaurant Menu by MotoPress = 2.4.10 versions...

8.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2025-63078

Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...

4.3CVSS0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-57644 WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability

Contributor SQL Injection in Restaurant Menu by MotoPress = 2.4.10 versions...

8.5CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 6 days ago8 views

CVE-2026-57644

CVE-2026-57644 describes a SQL Injection in the WordPress plugin “Restaurant Menu by MotoPress” for versions

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2025-63078 WordPress Restaurant Menu by MotoPress plugin <= 2.4.11 - Broken Access Control vulnerability

Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...

4.3CVSS0.00243EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2025-63078

The CVE-2025-63078 entry concerns the WordPress plugin “Restaurant Menu by MotoPress” (MotoPress) &lt;= 2.4.11. Affected component is the plugin’s access control mechanism, with root cause described as Broken Access Control. The vulnerability is reported to affect users of the plugin in WordPress...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Restaurant Menu by MotoPress plugin <= 2.4.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Restaurant Menu by MotoPress versions = 2.4.11...

4.3CVSS5.8AI score0.00243EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago7 views

WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Baikuya in WordPress Plugin Restaurant Menu by MotoPress versions = 2.4.10...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-9228

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00218EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 5:16 a.m.14 views

CVE-2026-9228

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.00218EPSS
Exploits0References6
CVE
CVE
added 2026/05/28 3:27 a.m.16 views

CVE-2026-9228

The Timetable and Event Schedule by MotoPress plugin for WordPress (MP Timetable) is affected by an Insecure Direct Object Reference vulnerability (CVE-2026-9228) in all versions up to 2.4.16. The root cause is missing validation on a user-controlled key in the action_get_event_data endpoint, ena...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/28 3:27 a.m.11 views

EUVD-2026-32705

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44180

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the action get event data due to missing validation on a user controlled key. This makes it possible for authenticated attackers,...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

WordPress plugin Timetable and Event Schedule by MotoPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References6
Rows per page
Query Builder