Lucene search
K

1744 matches found

Nuclei
Nuclei
added 6 hours ago32 views

Export WP Page to Static HTML <= 4.3.4 - Cookie Exposure

Export WP Page to Static HTML & PDF WordPress plugin = 4.3.4 contains a sensitive information exposure caused by publicly exposed cookies.txt files with authentication cookies, letting unauthenticated attackers access sensitive authentication data, exploit requires site administrator to trigger...

9.8CVSS5.8AI score0.01954EPSS
Exploits0References2
Nuclei
Nuclei
added 6 hours ago42 views

WordPress Themify Builder < 7.5.8 - Open Redirect

The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...

6.1CVSS5.9AI score0.00823EPSS
Exploits2References2
Nuclei
Nuclei
added 6 hours ago10 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS7.1AI score0.00567EPSS
Exploits1References2
CVE
CVE
added 6 days ago16 views

CVE-2026-57763

CVE-2026-57763 affects the WordPress Structured Content plugin (versions ≤ 1.7.0). The description notes a Contributor Cross Site Scripting (XSS) vulnerability; the provided documents do not specify the exact root cause, impacted file(s), or remediation steps.

6.5CVSS5.8AI score0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-57755 WordPress Mosaic Gallery &#8211; Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Mosaic Gallery Advanced Gallery = 1.2.0 versions...

6.5CVSS0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-57751 WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Heateor Social Login = 1.1.39 versions...

8.1CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 6 days ago11 views

CVE-2026-57354

The CVE-2026-57354 entry describes a Subscriber Cross Site Scripting (XSS) vulnerability in the WordPress JetReviews plugin limited to versions

6.5CVSS5.8AI score0.00224EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago5 views

WordPress SportsPress Pro plugin <= 2.7.29 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by w41bu1 in WordPress Plugin SportsPress Pro versions = 2.7.29...

7.5CVSS5.8AI score0.00278EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/01 10:0 a.m.11 views

WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by suyoung kimAhnLab - AhnLab in WordPress Plugin Ninja Forms versions = 3.14.1...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/30 6:0 a.m.14 views

CVE-2026-9576

CVE-2026-9576 affects the Fluent Booking WordPress plugin (versions before 2.1.2). The vulnerability arises from not verifying ownership of the requested group_id before exporting attendees data via the export endpoint, allowing users with at least the Calendar Manager role to access attendees’ P...

4.9CVSS5.8AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.32 views

CVE-2026-57656 WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Author Cross Site Scripting XSS in Hester Core = 1.1.8 versions...

5.9CVSS0.0014EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.16 views

CVE-2026-57653

CVE-2026-57653 describes a SQL Injection vulnerability in the WordPress plugin WP Job Portal (versions

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.32 views

CVE-2026-57652 WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...

5.3CVSS0.00187EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.10 views

CVE-2026-57313

CVE-2026-57313 concerns a Subscriber XSS vulnerability in the WordPress plugin SureCart up to version 4.2.2 . The public records describe an XSS issue affecting subscribers, but do not provide concrete exploit scenarios, affected subcomponents, or a detailed root cause beyond the general class of...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.18 views

CVE-2026-56067

CVE-2026-56067 affects WordPress JetSmartFilters plugin versions up to and including 3.8.3. The vulnerability is an unauthenticated SQL Injection in JetSmartFilters (plugin/WP integration). The root cause, as stated in the sources, is a SQL injection flaw that can be exploited without authenticat...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.11 views

CVE-2026-56039

The provided connected sources confirm a vulnerability in the WordPress Quick Interest Slider plugin, version

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.12 views

CVE-2026-24547

The vulnerability CVE-2026-24547 affects the WordPress SiteGround Email Marketing plugin (versions up to and including 1.7.5). It is described as Unauthenticated Broken Access Control, indicating that an attacker could access restricted functionality or data without authentication. The CVSS v3.1 ...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.32 views

CVE-2026-57299

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata...

0.00167EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.11 views

CVE-2026-57298

CVE-2026-57298: A CSRF in the Jenkins Contrast Continuous Application Security Plugin (version 3.11 and earlier) allows an attacker to cause Jenkins to access an attacker-specified URL using attacker-specified username, API key, and service key. Affected: Jenkins Contrast Continuous Application S...

5.4CVSS5.8AI score0.00101EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/23 10:2 a.m.7 views

WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Uncanny Automator versions = 7.3.1.2...

8.1CVSS5.9AI score0.00317EPSS
Exploits0Affected Software1
Rows per page
Query Builder