Lucene search
K

320 matches found

Nuclei
Nuclei
added yesterday17 views

GP Premium <= 2.4.0 - Cross-Site Scripting

The GP Premium plugin for WordPress up to 2.4.0 is vulnerable to reflected XSS via the 'message' parameter in inc/verify.php lines 95-101, where a message passed with slactivation=false is URL-decoded and used unsanitized in addsettingserror, allowing XSS payloads to be reflected in admin notices...

6.1CVSS5.7AI score0.00637EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 12:32 a.m.9 views

EUVD-2026-36140

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicatepostdismissnotice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicatepostshownotice site option, suppressing...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:17 p.m.10 views

CVE-2026-53739

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicatepostdismissnotice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicatepostshownotice site option, suppressing...

5.1CVSS0.00104EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:39 p.m.28 views

CVE-2026-53739

CVE-2026-53739 affects the WordPress plugin Yoast Duplicate Post up to version 4.6. The issue is a cross-site request forgery in the duplicate_post_dismiss_notice handler that does not verify a nonce or capability. This allows an attacker to trick an authenticated user into issuing a request that...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:39 p.m.9 views

CVE-2026-53739 Yoast Duplicate Post through 4.6 Cross-Site Request Forgery via duplicate_post_dismiss_notice

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicatepostdismissnotice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicatepostshownotice site option, suppressing...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:39 p.m.22 views

CVE-2026-53740

The CVE-2026-53740 entry describes a stored cross-site scripting flaw in Yoast Duplicate Post (through 4.6) where an unescaped post title and permalink is injected into the Classic Editor scheduled republish notice. Attackers can craft a title to cause script execution when an administrator views...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.10 views

PT-2026-48553

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate post dismiss notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate post show notice site option,...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

WordPress plugin Yoast Duplicate Post 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.12 views

PT-2026-48554

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.8 views

CVE-2026-3488

The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including wpstatisticsgetfilters, wpstatisticsgetPrivacyStatus, wpstatisticsupdatePrivacyStatus, and...

6.5CVSS5.5AI score0.00312EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/06/02 6:24 p.m.11 views

These convincing copyright notices are designed to steal Google logins

A new scam is targeting people who publish Chrome extensions. The scam arrives as an official-looking "copyright removal request" claiming your extension is about to be removed from the Chrome Web Store and that you have 48 hours to appeal. It even looks personalized. After you enter your...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/28 5:16 a.m.14 views

CVE-2026-2374

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...

7.2CVSS0.00346EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/28 3:27 a.m.29 views

CVE-2026-2374 Login No Captcha reCAPTCHA <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting via PHP_SELF

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...

7.2CVSS0.00346EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:27 a.m.10 views

CVE-2026-2374

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...

7.2CVSS6AI score0.00346EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.16 views

PT-2026-44172

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $ SERVER'PHP SELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$ SERVER'PHP SELF' in the login...

7.2CVSS6AI score0.00346EPSS
Exploits0References8
OSV
OSV
added 2026/05/07 4:13 a.m.5 views

CLSA-2026-1778127227 pcp: Fix of 2 CVEs

CVE-2024-45770: guard pmpost against symlink attacks on $PCPLOGDIR/NOTICES - CVE-2024-45769: harden libpcp pmDecodeValueSet to prevent heap corruption from crafted PDUs...

5.5CVSS7.3AI score0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/17 3:30 a.m.7 views

EUVD-2026-23337

The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including wpstatisticsgetfilters, wpstatisticsgetPrivacyStatus, wpstatisticsupdatePrivacyStatus, and...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References10
NVD
NVD
added 2026/04/17 2:16 a.m.10 views

CVE-2026-3488

The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including wpstatisticsgetfilters, wpstatisticsgetPrivacyStatus, wpstatisticsupdatePrivacyStatus, and...

6.5CVSS0.00312EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/17 1:24 a.m.9 views

CVE-2026-3488

The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including wpstatisticsgetfilters, wpstatisticsgetPrivacyStatus, wpstatisticsupdatePrivacyStatus, and...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References10
CVE
CVE
added 2026/04/17 1:24 a.m.13 views

CVE-2026-3488

The WP Statistics plugin for WordPress (vulnerable up to 14.16.4) suffers Missing Authorization due to missing capability checks on multiple AJAX handlers (wp_statistics_get_filters, wp_statistics_getPrivacyStatus, wp_statistics_updatePrivacyStatus, wp_statistics_dismiss_notices). These endpoints...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References9
Rows per page
Query Builder