Lucene search
K

105499 matches found

NVD
NVD
added 2026/05/02 8:16 a.m.6 views

CVE-2026-7649

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS0.00335EPSS
Exploits0References7
CVE
CVE
added 2026/05/02 7:46 a.m.23 views

CVE-2026-6229

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to 1.7.1057. The root cause is insufficient validation of user-supplied URLs in render_csv_data(), which can be bypassed by including docs.google.com/spreadsheets in a query paramete...

7.2CVSS5.9AI score0.00379EPSS
Exploits0References10
CVE
CVE
added 2026/05/02 6:44 a.m.12 views

CVE-2026-7649

ARMember for WordPress (vendor: ARMember plugin) is affected up to version 4.0.60 by a time-based blind SQL injection in the orderby parameter. Root cause: insufficient escaping of the user-supplied orderby value and lack of proper SQL query preparation, enabling unauthenticated attackers to appe...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/02 6:44 a.m.35 views

CVE-2026-7649 ARMember <= 4.0.60 - Unauthenticated SQL Injection via 'orderby' Parameter

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS0.00335EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/02 6:44 a.m.5 views

CVE-2026-7649 ARMember <= 4.0.60 - Unauthenticated SQL Injection via 'orderby' Parameter

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/02 5:29 a.m.7 views

CVE-2026-7049 PixelYourSite Pro <= 12.5.0.1 - Unauthenticated Blind Server-Side Request Forgery via 'urls[]' Parameter

The PixelYourSite Pro – Your smart PIXEL TAG Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scanvideo. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro...

7.2CVSS5.9AI score0.00577EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/05/02 5:29 a.m.30 views

CVE-2026-7049 PixelYourSite Pro <= 12.5.0.1 - Unauthenticated Blind Server-Side Request Forgery via 'urls[]' Parameter

The PixelYourSite Pro – Your smart PIXEL TAG Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scanvideo. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro...

7.2CVSS0.00577EPSS
Exploits0References10
CVE
CVE
added 2026/05/02 5:29 a.m.34 views

CVE-2026-7049

CVE-2026-7049 concerns the PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress. All versions up to and including 12.5.0.1 are affected by a Server-Side Request Forgery via the scan_video parameter. The vulnerability allows unauthenticated attackers to cause the web application...

7.2CVSS5.9AI score0.00577EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/02 3:36 a.m.4 views

CVE-2026-6378

The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/maxi-blocks/v1.0/style-card REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the scstyles parameter. This makes it possible...

6.4CVSS6AI score0.00234EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/05/02 3:36 a.m.5 views

CVE-2026-7638 App Builder <= 5.5.10 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Avatar Modification via 'user_id' Parameter

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

5.3CVSS5.9AI score0.00306EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

WordPress plugin ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.7 views

TRENDnet TEW-821DAP 数据伪造问题漏洞

TRENDnet TEW-821DAP is a wireless access point from the company TRENDnet. The version TRENDnet TEW-821DAP 1.12B01 has a vulnerability related to data falsification. This vulnerability stems from improper handling of the parameter dest in the findHWid/newGuiUpdateFirmware function within the...

8.1CVSS5.8AI score0.00234EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.9 views

PT-2026-36623

A vulnerability was identified in Totolink N300RH 6.1c.1353 B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is publicly available and...

6.9CVSS6.4AI score0.00329EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.7 views

PT-2026-36587

Name of the Vulnerable Software and Affected Versions ARMember – Membership Plugin versions prior to 4.0.61 Description The ARMember – Membership Plugin for WordPress is susceptible to time-based blind SQL Injection, a technique where an attacker asks the database true/false questions and...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.13 views

WordPress plugin Maxi Blocks 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00234EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.7 views

RHCOS 4 : OpenShift Container Platform 4.16.60 (RHSA-2026:10096)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:10096 advisory. - golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 Note that Nessus has not tested for this issue but...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.8 views

itsourcecode Courier Management System 注入漏洞

itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a vulnerability related to SQL injection, which arises from the use of unknown functions in the /edituser.php file when...

5.8CVSS5.8AI score0.00206EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.16 views

JeecgBoot 代码问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of parameters in the OpenApiController.add/OpenApiController.call...

6.5CVSS6.7AI score0.00214EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.9 views

PT-2026-36622

A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

Code-Projects Online Hospital Management System 注入漏洞

Code-Projects Online Hospital Management System is an open-source online hospital management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Hospital Management System has a vulnerability related to SQL injection, which arises from the use of unknown functions in the/vi...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References2
Rows per page
Query Builder