Lucene search
K

365 matches found

NVD
NVD
added 2026/07/02 12:17 p.m.6 views

CVE-2026-57758

Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...

7.1CVSS0.00094EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.10 views

CVE-2026-57758

Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...

7.1CVSS5.8AI score0.00094EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 11:16 a.m.38 views

CVE-2026-57758 WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...

7.1CVSS0.00094EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:16 a.m.6 views

EUVD-2026-41314

Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...

7.1CVSS5.8AI score0.00094EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:16 a.m.14 views

CVE-2026-57758

CVE-2026-57758 corresponds to an unauthenticated CSRF in the WordPress Permalink Manager for WooCommerce plugin, affecting versions

7.1CVSS5.8AI score0.00094EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 8:56 a.m.8 views

WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by dodoh4t in WordPress Plugin Permalink Manager for WooCommerce versions = 1.0.8.3...

7.1CVSS5.9AI score0.00094EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.7 views

PT-2026-55046

Name of the Vulnerable Software and Affected Versions Permalink Manager for WooCommerce versions prior to 1.0.8.3 Description An unauthenticated Cross Site Request Forgery CSRF issue exists, which can lead to Stored Cross-Site Scripting XSS. CSRF is a flaw that allows an attacker to trick a victi...

7.1CVSS6AI score0.00094EPSS
Exploits0References5
NVD
NVD
added 2026/06/17 1:21 p.m.11 views

CVE-2026-8494

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00193EPSS
Exploits0References5
CVE
CVE
added 2026/06/17 6:49 a.m.15 views

CVE-2026-8494

CVE-2026-8494 concerns the WordPress plugin Permalink Manager Lite (affected versions up to 2.5.3.3). The issue is a Stored Cross-Site Scripting (XSS) flaw in the admin URI Editor interface, triggered by crafted post titles due to insufficient output escaping. Affected condition requires an attac...

6.4CVSS5.5AI score0.00193EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/17 6:49 a.m.30 views

CVE-2026-8494 Permalink Manager Lite <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00193EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/11 12:32 a.m.13 views

EUVD-2026-36141

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:17 p.m.12 views

CVE-2026-53740

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS0.00141EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:39 p.m.11 views

CVE-2026-53740 Yoast Duplicate Post through 4.6 Stored Cross-Site Scripting via Scheduled Republish Notice

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:39 p.m.31 views

CVE-2026-53740

The CVE-2026-53740 entry describes a stored cross-site scripting flaw in Yoast Duplicate Post (through 4.6) where an unescaped post title and permalink is injected into the Classic Editor scheduled republish notice. Attackers can craft a title to cause script execution when an administrator views...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.9 views

CVE-2026-5347

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

5.3CVSS5.6AI score0.00323EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/01 9:17 a.m.10 views

WordPress Premmerce Permalink Manager for WooCommerce plugin <= 2.3.11 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Premmerce Permalink Manager for WooCommerce versions = 2.3.11...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/24 6:16 a.m.8 views

CVE-2026-5347

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

5.3CVSS0.00323EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/24 5:29 a.m.9 views

EUVD-2026-25398

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

5.3CVSS5.8AI score0.00323EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/24 5:29 a.m.2 views

CVE-2026-5347 WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

5.3CVSS5.4AI score0.00323EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:29 a.m.9 views

CVE-2026-5347

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

5.3CVSS5.8AI score0.00323EPSS
Exploits0References7
Rows per page
Query Builder