Lucene search
K

15909 matches found

Cvelist
Cvelist
added 2025/07/19 2:22 a.m.11 views

CVE-2025-7661 Partnerský systém Martinus <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Partnerský systém Martinus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'martinus' shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00182EPSS
Exploits0References2
CVE
CVE
added 2025/07/19 2:22 a.m.29 views

CVE-2025-7658

CVE-2025-7658 refers to a Stored Cross-Site Scripting vulnerability in the WordPress plugin Temporarily Hidden Content (Temporarily Hidden Content) via the shortcodes temphc-start. Affected versions are those up to and including 1.0.6. The issue arises from insufficient input sanitization and out...

6.4CVSS5.9AI score0.00218EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/19 1:57 a.m.10 views

CVE-2025-5396

The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackupajaxhandle function not having a capability check, nor validating user supplied input passed directly to calluserfunc. This makes it possible for...

9.8CVSS8.2AI score0.47809EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2025/07/19 12:0 a.m.3 views

PT-2025-30109 · WordPress · Epay.Bg Payments

Name of the Vulnerable Software and Affected Versions: EPay.bg Payments plugin for WordPress versions up to and including 0.1 Description: The EPay.bg Payments plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s epay shortcode. Insufficient input sanitization a...

6.4CVSS5.7AI score0.00182EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/07/19 12:0 a.m.2 views

WordPress plugin Vchasno Kasa 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

5.3CVSS6.4AI score0.00358EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/19 12:0 a.m.5 views

WordPress plugin Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists ...

9.8CVSS7.1AI score0.01033EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/07/18 10:13 a.m.18 views

WordPress Malcure Malware Scanner plugin <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Malcure Malware Scanner versions = 16.8...

6.5CVSS6.7AI score0.00309EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/18 10:4 a.m.6 views

CVE-2025-6993

The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the getemaillogdetails AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied postid and retrieves the corresponding email log post content including the...

8.8CVSS6.9AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/18 7:3 a.m.8 views

CVE-2025-5845

The Affiliate Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘numColumns’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS5.5AI score0.00225EPSS
Exploits0References1
NVD
NVD
added 2025/07/18 6:15 a.m.8 views

CVE-2025-5752

The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00218EPSS
Exploits0References3
NVD
NVD
added 2025/07/18 6:15 a.m.7 views

CVE-2025-5754

The Useful Tab Block – Responsive & AMP-Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00218EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/18 5:24 a.m.5 views

CVE-2025-5811 Listly: Listicles For WordPress <= 2.7 - Unauthenticated Arbitrary Transient Deletion

The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Init function in all versions up to, and including, 2.7. This makes it possible for unauthenticated attackers to delete arbitrary transient values o...

5.3CVSS7AI score0.00273EPSS
Exploits0References3
CVE
CVE
added 2025/07/18 5:24 a.m.35 views

CVE-2025-5752

CVE-2025-5752 : The WordPress plugin “Vertical scroll image slideshow gallery” is vulnerable to a Stored Cross-Site Scripting (XSS) via the width parameter in all versions up to 11.1. The issue arises from insufficient input sanitization and output escaping, enabling authenticated attackers with ...

6.4CVSS5.6AI score0.00218EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/18 4:23 a.m.29 views

CVE-2025-5816 Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship <= 3.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) View Order Tracking Details

The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.0 via the getorderdetail due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References3
CVE
CVE
added 2025/07/18 4:23 a.m.25 views

CVE-2025-3740

CVE-2025-3740 affects the WordPress plugin School Management System for Wordpress. It allows authenticated users with Subscriber+ privileges to perform Local File Inclusion via the page parameter, enabling arbitrary PHP file inclusion/execution and potentially password-change-based privilege esca...

8.8CVSS7.7AI score0.00675EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/07/18 4:17 a.m.21 views

WordPress Attachment Manager plugin <= 2.1.2 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by johska in WordPress Plugin Attachment Manager versions = 2.1.2...

9.1CVSS6.8AI score0.00722EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/07/18 4:12 a.m.12 views

WordPress Listly plugin <= 2.7 - Unauthenticated Arbitrary Transient Deletion vulnerability

Unauthenticated Arbitrary Transient Deletion vulnerability discovered by ch4r0n in WordPress Plugin Listly versions = 2.7...

5.3CVSS6.8AI score0.00273EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/07/18 4:10 a.m.6 views

WordPress Block Editor Gallery Slider plugin <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Limited Post Meta Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Post Meta Update vulnerability discovered by Poli in WordPress Plugin Block Editor Gallery Slider versions = 1.1.1...

4.3CVSS6.8AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/07/18 4:8 a.m.9 views

WordPress Biteship plugin <= 3.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) View Order Tracking Details vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ View Order Tracking Details vulnerability discovered by ch4r0n in WordPress Plugin Biteship versions = 3.2.0...

4.3CVSS6.8AI score0.00232EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/07/18 4:7 a.m.12 views

WordPress aapanel WP Toolkit plugin 1.0 - 1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via auto_login() Function vulnerability

WordPress aapanel WP Toolkit plugin 1.0 - 1.1 - Missing Authorization to Authenticated Subscriber+ Privilege Escalation via autologin Function vulnerability discovered by kr0d in WordPress Plugin aapanel WP Toolkit versions 1.0 - 1.1...

8.8CVSS6.8AI score0.00355EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder