Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

221343 matches found

Nuclei
Nucleiadded yesterday21 views

WordPress Plugin Tera Charts - Local File Inclusion

Multiple local file inclusion vulnerabilities in Tera Charts tera-charts plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. dot dot in the fn parameter to 1 charts/treemap.php or 2 charts/zoomabletreemap.php. id: CVE-2014-4940 info: name: WordPress Plugin Tera Charts...

5CVSS7.9AI score0.42619EPSS
Exploits2References4
Nuclei
Nucleiadded yesterday25 views

Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal

Directory traversal vulnerability in the Tom M8te tom-m8te plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php. id: CVE-2014-5187 info: name: Tom M8te tom-m8te Plugin 1.5.3 - Directory Traversal author: DhiyaneshDK severity:...

5CVSS7.9AI score0.00232EPSS
Exploits1References2
Nuclei
Nucleiadded yesterday24 views

WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal

A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the dewfile parameter. id: CVE-2013-7240 info: name: WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal author...

5CVSS7.9AI score0.41455EPSS
Exploits2References5
Nuclei
Nucleiadded yesterday20 views

WordPress AJAX Random Post <=2.00 - Cross-Site Scripting

WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting. id: CVE-2016-1000127 info: name: WordPress AJAX Random Post =2.00 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting...

6.1CVSS5.8AI score0.02196EPSS
Exploits2References4
Nuclei
Nucleiadded yesterday17 views

User Role by BestWebSoft < 1.5.6 - Cross-Site Scripting

The user-role plugin before 1.5.6 for WordPress has multiple XSS issues. id: CVE-2017-18566 info: name: User Role by BestWebSoft 1.5.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The user-role plugin before 1.5.6 for WordPress has multiple XSS issues. impact: |...

6.1CVSS6.3AI score0.00097EPSS
Exploits1References4
Nuclei
Nucleiadded yesterday22 views

AdPush < 1.44 - Cross-Site Scripting

The adsense-plugin aka Google AdSense plugin before 1.44 for WordPress has multiple XSS issues. id: CVE-2017-18487 info: name: AdPush 1.44 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The adsense-plugin aka Google AdSense plugin before 1.44 for WordPress has multip...

6.1CVSS6.2AI score0.00271EPSS
Exploits1References4
Nuclei
Nucleiadded yesterday20 views

Pagination by BestWebSoft < 1.0.7 - Cross-Site Scripting

The pagination plugin before 1.0.7 for WordPress has multiple XSS issues. id: CVE-2017-18527 info: name: Pagination by BestWebSoft 1.0.7 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The pagination plugin before 1.0.7 for WordPress has multiple XSS issues. impact: |...

6.1CVSS6.2AI score0.00059EPSS
Exploits1References4
Nuclei
Nucleiadded yesterday17 views

Timesheet Plugin < 0.1.5 - Cross-Site Scripting

The Timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. id: CVE-2017-18590 info: name: Timesheet Plugin 0.1.5 - Cross-Site Scripting author: Splint3r7 severity: medium description: | The Timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. impact: | Authenticated...

6.1CVSS6.2AI score0.00015EPSS
Exploits1References3
Nuclei
Nucleiadded yesterday52 views

TablePress < 2.4.3 - XXE Injection

The PHPSpreadsheet library used by the plugin is affected by an XXE as the security scanner that prevents XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white spaces. On servers that allow users to upload their own Excel XLSX sheets, Server files...

7.5CVSS5.4AI score0.71632EPSS
Exploits1References4
Nuclei
Nucleiadded yesterday8 views

WPZOOM Social Icons Widget <= 4.2.15 - Missing Authorization

WPZOOM Social Icons Widget & Block versions up to 4.2.15 contain a missing authorization vulnerability caused by insufficient access control in the widget and block, letting attackers perform unauthorized actions, exploit requires no special conditions. id: CVE-2024-30464 info: name: WPZOOM Socia...

8.8CVSS7.7AI score0.41698EPSS
Exploits0References1
Nuclei
Nucleiadded yesterday13 views

ArForms < 6.6 - Remote Code Execution

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form id: CVE-2024-4620 info: name: ArForms 6.6 - Remote Code Execution autho...

9.8CVSS5.5AI score0.72422EPSS
Exploits2References1
Nuclei
Nucleiadded yesterday24 views

WPMobile.App <= 11.56 - Open Redirect

The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially...

7.2CVSS7.8AI score0.01945EPSS
Exploits0References2
Nuclei
Nucleiadded yesterday3 views

Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation

Zoom WordPress plugin 4.6.6 contains a broken authentication caused by disabled nonce verification in an AJAX handler, letting unauthenticated attackers generate valid Zoom SDK signatures and retrieve the Zoom SDK key. id: CVE-2026-1368 info: name: Video Conferencing with Zoom API 4.6.6 -...

7.5CVSS5.4AI score0.32922EPSS
Exploits0References3
Nuclei
Nucleiadded yesterday21 views

Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin id: CVE-2024-7354 info: name: Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting...

6.1CVSS5.4AI score0.01473EPSS
Exploits1References2
Nuclei
Nucleiadded yesterday10 views

JustRows WordPress - Cross-Site Scripting

JustRows free WordPress plugin v0.2 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS7.6AI score0.01771EPSS
Exploits1References1
Nuclei
Nucleiadded yesterday28 views

WordPress JSmol2WP <=1.07 - Cross-Site Scripting

WordPress JSmol2WP version 1.07 and earlier is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter. id: CVE-2018-20462 info: name: WordPress JSmol2WP =1.07 - Cross-Site Scripting author: daffainfo severity: medium...

7.5CVSS6.7AI score0.81476EPSS
Exploits4References5
Nuclei
Nucleiadded yesterday11 views

Alert Before Your Post <= 0.1.1 - Cross-Site Scripting

A cross-site scripting vulnerability in postalert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. id: CVE-2011-5107 info: name: Alert Before Your Post = 0.1.1 - Cross-Site...

4.3CVSS5.4AI score0.00798EPSS
Exploits1References4
Nuclei
Nucleiadded yesterday53 views

WordPress WP01 - Path Traversal

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in wp01ru WP01 allows Path Traversal. This issue affects WP01: from n/a through 2.6.2. id: CVE-2025-30567 info: name: WordPress WP01 - Path Traversal author: s4e-io severity: high description: | Improper...

7.5CVSS5.4AI score0.43807EPSS
Exploits0References3
Nuclei
Nucleiadded yesterday7 views

SureForms <= 1.13.1 - Sensitive Information Exposure

SureForms WordPress plugin = 1.13.1 contains a sensitive information exposure caused by setting 'authcallback' to 'returntrue' in 'srfmemailnotification' post meta registration, letting unauthenticated attackers access sensitive email notification data, exploit requires no authentication. id:...

7.5CVSS5.4AI score0.30797EPSS
Exploits0References2
Nuclei
Nucleiadded yesterday27 views

FooGallery plugin <= 2.2.35 - Cross-Site Scripting

Reflected Cross-Site Scripting XSS vulnerability in FooPlugins FooGallery plugin = 2.2.35 versions. id: CVE-2023-29439 info: name: FooGallery plugin = 2.2.35 - Cross-Site Scripting author: theamanrawat severity: medium description: | Reflected Cross-Site Scripting XSS vulnerability in FooPlugins...

7.1CVSS6.8AI score0.65372EPSS
Exploits1References5
Rows per page
Query Builder