Lucene search
K

738 matches found

Patchstack
Patchstack
added 3 days ago4 views

WordPress SupportCandy plugin <= 3.4.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abduljalal Saminu in WordPress Plugin SupportCandy versions = 3.4.8...

6.5CVSS6.1AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Extensions for Leaflet Map plugin <= 5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by manop55555 in WordPress Plugin Extensions for Leaflet Map versions = 5.1...

7.1CVSS5.9AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 2:22 p.m.5 views

WordPress ChatBot plugin <= 8.3.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin ChatBot versions = 8.3.7...

7.1CVSS5.9AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.37 views

CVE-2026-57682 WordPress Simple Link Directory plugin <= 15.0.5 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Simple Link Directory = 15.0.5 versions...

7.1CVSS0.00191EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/30 8:6 p.m.5 views

WordPress MotoPress Appointment Booking plugin <= 2.4.5 - Authenticated (Staff+) SQL Injection vulnerability

Authenticated Staff+ SQL Injection vulnerability discovered by MatilJ in WordPress Plugin MotoPress Appointment Booking versions = 2.4.5...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/27 3:46 p.m.6 views

WordPress nicen-localize-image plugin <= 1.4.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin nicen-localize-image versions = 1.4.9...

8.5CVSS5.8AI score0.0022EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.34 views

CVE-2026-57648 WordPress Nelio Content plugin <= 4.3.4 - Broken Access Control vulnerability

Contributor Broken Access Control in Nelio Content = 4.3.4 versions...

4.3CVSS0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39750

Contributor Insecure Direct Object References IDOR in PPWP = 1.9.19 versions...

4.3CVSS5.8AI score0.00185EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.11 views

CVE-2026-54825

wpDataTables (WordPress plugin) versions

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/25 8:33 a.m.6 views

WordPress Featured Image plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Featured Image versions = 2.1...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 2:2 p.m.4 views

WordPress Themify Event Post plugin <= 1.3.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Event Post versions = 1.3.3...

8.8CVSS5.9AI score0.00309EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/18 4:2 p.m.6 views

WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.39 - Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure vulnerability discovered by kalomba - KAPENTEST in WordPress Plugin WP DSGVO Tools GDPR versions = 3.1.39...

5.3CVSS5.3AI score0.00385EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/18 1:3 p.m.6 views

WordPress Intranet & Private Site – All-In-One Intranet plugin <= 1.8.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Intranet & Private Site All-In-One Intranet versions = 1.8.1...

7.5CVSS5.8AI score0.00278EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.31 views

CVE-2026-49075 WordPress JetEngine plugin <= 3.8.9.1 - PHP Object Injection vulnerability

Contributor PHP Object Injection in JetEngine = 3.8.9.1 versions...

9.8CVSS0.00375EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.23 views

CVE-2025-69135

Technical details (affected plugin version range, root cause, impact, remediation) are not publicly available in the provided connected documents. Monitor for updates; current sources do not specify vulnerable functions or fixes.

8.5CVSS5.7AI score0.00342EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36919

Subscriber Broken Access Control in Rank Math SEO = 1.0.271 versions...

6.5CVSS5.1AI score0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.7 views

CVE-2026-49776 WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites = 2.32.6 versions...

9.3CVSS5.7AI score0.00289EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.8 views

CVE-2026-49065 WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce = 1.9.5 versions...

8.2CVSS5.1AI score0.00237EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:17 p.m.10 views

CVE-2026-39489 WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability

Author Arbitrary File Download in Download Monitor = 5.1.9 versions...

4.4CVSS5.2AI score0.00337EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/12 11:53 a.m.8 views

WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin JetEngine versions = 3.8.10...

9.8CVSS5.5AI score0.00466EPSS
Exploits0Affected Software1
Rows per page
Query Builder