Lucene search
105362 matches found

Cvelist
added 2026/05/05 2:26 a.m., 47 views

CVE-2026-6704 Blog Settings <= 1.0 - Reflected Cross-Site Scripting via 'page' Parameter

The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVSS 6.1, EPSS 0.00211
Exploits: 0, References: 4
CVE
added 2026/05/05 2:26 a.m., 13 views

CVE-2026-6704

CVE-2026-6704 affects the WordPress Blog Settings plugin. It is vulnerable to a reflected Cross-Site Scripting attack via the 'page' parameter in all versions up to 1.0 due to insufficient input sanitization and output escaping. The weakness allows unauthenticated attackers to craft a l...

CVSS 6.1, AI score 6, EPSS 0.00211
Exploits: 0, References: 4
ATTACKERKB
added 2026/05/05 2:26 a.m., 6 views

CVE-2026-6704

The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVSS 6.1, AI score 6, EPSS 0.00211
Exploits: 0, References: 5
Vulnrichment
added 2026/05/05 2:26 a.m., 8 views

CVE-2026-6704 Blog Settings <= 1.0 - Reflected Cross-Site Scripting via 'page' Parameter

The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVSS 6.1, AI score 6, EPSS 0.00211
Exploits: 0, References: 4
Vulnrichment
added 2026/05/05 2:26 a.m., 7 views

CVE-2026-5100 AWP Classifieds <= 4.4.5 - Unauthenticated SQL Injection via 'regions'

The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVSS 7.5, AI score 5.9, EPSS 0.00413
Exploits: 0, References: 19
Cvelist
added 2026/05/05 2:26 a.m., 31 views

CVE-2026-5100 AWP Classifieds <= 4.4.5 - Unauthenticated SQL Injection via 'regions'

The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVSS 7.5, EPSS 0.00413
Exploits: 0, References: 19
CVE
added 2026/05/05 2:26 a.m., 10 views

CVE-2026-5100

The CVE-2026-5100 entry concerns the WordPress AWP Classifieds plugin up to v4.4.5, vulnerable to SQL Injection via the regions parameter array keys due to insufficient escaping and lack of prepared statements. The issue allows unauthenticated attackers to append additional SQL to existing querie...

CVSS 7.5, AI score 5.9, EPSS 0.00413
Exploits: 0, References: 19
ATTACKERKB
added 2026/05/05 2:26 a.m., 6 views

CVE-2026-5100

The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVSS 7.5, AI score 5.9, EPSS 0.00413
Exploits: 0, References: 20
Vulnrichment
added 2026/05/05 2:26 a.m., 5 views

CVE-2026-6696 Zingaya Click-to-Call <= 1.0 - Reflected Cross-Site Scripting via 'email' Parameter

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

CVSS 6.1, AI score 6, EPSS 0.00219
Exploits: 0, References: 6
Cvelist
added 2026/05/05 2:26 a.m., 36 views

CVE-2026-6696 Zingaya Click-to-Call <= 1.0 - Reflected Cross-Site Scripting via 'email' Parameter

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

CVSS 6.1, EPSS 0.00219
Exploits: 0, References: 6
CVE
added 2026/05/05 2:26 a.m., 15 views

CVE-2026-6696

CVE-2026-6696 concerns the Zingaya Click-to-Call plugin for WordPress. The connected documents confirm a Reflected Cross-Site Scripting vulnerability on the plugin’s sign-up admin page, affecting all versions up to and including 1.0. The root cause is insufficient input sanitization and output es...

CVSS 6.1, AI score 6, EPSS 0.00219
Exploits: 0, References: 6
ATTACKERKB
added 2026/05/05 2:26 a.m., 6 views

CVE-2026-6696

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

CVSS 6.1, AI score 6, EPSS 0.00219
Exploits: 0, References: 7
RedhatCVE
added 2026/05/05 2:20 a.m., 8 views

CVE-2026-7718

A vulnerability was identified in Totolink WA300 5.2cu.7112B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The...

CVSS 6.5, AI score 6.5, EPSS 0.00916
Exploits: 0, References: 1
EUVD
added 2026/05/05 12:30 a.m., 9 views

EUVD-2026-27153

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

CVSS 6.5, AI score 5.5, EPSS 0.00211
Exploits: 0, References: 5
CNNVD
added 2026/05/05 12:00 a.m., 6 views

WordPress plugin GeekyBot SQL Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 7.5, AI score 5.9, EPSS 0.00278
Exploits: 0, References: 1
Positive Technologies
added 2026/05/05 12:00 a.m., 12 views

PT-2026-36961

Name of the Vulnerable Software and Affected Versions: Blog Settings plugin for WordPress versions prior to 1.1. Description: Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. This occurs via the page parameter, enabling scripts to...

CVSS 6.1, AI score 6, EPSS 0.00211
Exploits: 0, References: 10
CNNVD
added 2026/05/05 12:00 a.m., 7 views

NagaAgent Path Traversal Vulnerability

NagaAgent is a 2D AI assistant developed by RTGS2017. It supports streaming tool calls, knowledge graph memory, and voice interactions. Versions of NagaAgent 5.1.0 and earlier have a path traversal vulnerability. This vulnerability stems from the handling of the parameter Name by the Skills...

CVSS 7.5, AI score 7.2, EPSS 0.00501
Exploits: 0, References: 1
Positive Technologies
added 2026/05/05 12:00 a.m., 11 views

PT-2026-36969

The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the create template method of the CheckForm class, where realpath is called on the allowed base directory...

CVSS 6.5, AI score 5.9, EPSS 0.0057
Exploits: 0, References: 11
Positive Technologies
added 2026/05/05 12:00 a.m., 10 views

PT-2026-37210

Name of the Vulnerable Software and Affected Versions: Kestra versions prior to 1.3.4. Description: SQL Injection occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. This allows attackers to inject...

CVSS 9.8, AI score 6, EPSS 0.00367
Exploits: 1, References: 10
Positive Technologies
added 2026/05/05 12:00 a.m., 12 views

PT-2026-36974

A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /print pdets.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

CVSS 6.5, AI score 6.5, EPSS 0.00196
Exploits: 0, References: 6