Lucene search
K

93342 matches found

RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.7 views

CVE-2024-10938

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper...

6.5CVSS6.1AI score0.00307EPSS
Exploits0References1
NVD
NVD
added 2026/02/28 7:15 a.m.9 views

CVE-2026-2471

The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...

7.5CVSS0.00384EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/28 6:27 a.m.3 views

CVE-2026-2471 WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field

The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...

7.5CVSS6.2AI score0.00384EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/28 6:27 a.m.24 views

CVE-2026-2471 WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field

The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...

7.5CVSS0.00384EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/28 6:27 a.m.6 views

CVE-2026-2471

The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...

7.5CVSS6.2AI score0.00384EPSS
Exploits0References6
NVD
NVD
added 2026/02/28 6:16 a.m.10 views

CVE-2026-1542

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

6.5CVSS0.00194EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/28 6:0 a.m.6 views

CVE-2026-1542

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

6.5CVSS6AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/28 6:0 a.m.25 views

CVE-2026-1542 Super Stage WP <= 1.0.1 - Unauthenticated PHP Object Injection

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/28 6:0 a.m.4 views

CVE-2026-1542 Super Stage WP <= 1.0.1 - Unauthenticated PHP Object Injection

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

6AI score0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/02/28 6:0 a.m.17 views

CVE-2026-1542

The CVE-2026-1542 entry concerns the WordPress plugin Simple Stage WP (Super Stage WP) versions up to 1.0.1. The vulnerability arises from unserializing user input via REQUEST, enabling unauthenticated PHP Object Injection when a suitable gadget is present on the blog. Affected component: WordPre...

6.5CVSS6AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/28 12:0 a.m.5 views

PT-2026-22463

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

6AI score0.00194EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/28 12:0 a.m.7 views

WordPress plugin WP Mail Logging 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

7.5CVSS7.2AI score0.00384EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/28 12:0 a.m.12 views

PT-2026-22464

Name of the Vulnerable Software and Affected Versions WP Mail Logging versions prior to 1.15.1 Description The WP Mail Logging plugin for WordPress is susceptible to PHP Object Injection in versions up to and including 1.15.0. This occurs due to the deserialization of untrusted input from the ema...

7.5CVSS7.1AI score0.00384EPSS
Exploits0References10
CVE
CVE
added 2026/02/27 9:52 p.m.12 views

CVE-2026-28411

WeGIA Web Manager prior to version 3.6.5 is vulnerable to an authentication bypass via unsafe use of extract($_REQUEST). The issue allows an unauthenticated attacker to overwrite local variables across multiple PHP scripts, enabling unauthorized access to administrative and protected areas. remed...

9.8CVSS6AI score0.00593EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/02/27 7:54 p.m.20 views

CVE-2026-27836

phpMyFAQ prior to v4.0.18 is vulnerable due to the WebAuthn prepare endpoint (/api/webauthn/prepare), which creates new active user accounts without authentication, CSRF protection, captcha, or config checks. This allows unauthenticated attackers to create unlimited user accounts even when regist...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/27 5:23 p.m.24 views

CVE-2019-25492 Homey BNB V4 SQL Injection via getcmsdata.php

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

8.8CVSS0.00315EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/27 12:31 p.m.9 views

EUVD-2024-55454

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper...

6.5CVSS6.1AI score0.00307EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/27 9:23 a.m.28 views

CVE-2024-10938 OVRI Payment 1.7.0 - Malicious .htaccess directive

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper...

6.5CVSS0.00307EPSS
Exploits0References3
CVE
CVE
added 2026/02/27 9:23 a.m.15 views

CVE-2024-10938

The CVE-2024-10938 entry concerns the OVRI Payment WordPress plugin (v1.7.0). The connected documents describe malicious ".htaccess" files included with the plugin that contain directives intended to block execution of certain scripts while permitting execution of selected malicious PHP files. If...

6.5CVSS6.1AI score0.00307EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-27590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a...

9.8CVSS7.5AI score0.00542EPSS
Exploits1References3
Rows per page
Query Builder