224867 matches found
CVE-2026-8206 Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. Thi...
CVE-2026-8206
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. Thi...
CVE-2026-8206
The CVE-2026-8206 entry documents an unauthenticated privilege-escalation vulnerability in the Kirki – Freeform Page Builder for WordPress, affecting versions 6.0.0–6.0.6. The root cause is in the password-reset flow: the vulnerable CompLibFormHandler.php reads an attacker-supplied email from the...
CVE-2026-10100
The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields Page Background, Form Background, Text Color, Link Color in versions up to and including 1.0.3. This is due to insufficient input sanitization of the color option values th...
CVE-2026-27136 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-27136 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
CVE-2026-42506 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-42506 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
CVE-2026-25681 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-25681 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
CVE-2026-42502 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-42502 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
CVE-2026-25680 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-25680 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
CVE-2026-39821 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-39821 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
Exploit for CVE-2026-8732
WP Maps Pro Unauthenticated Stored Cross-Site Scripting CVE-2...
CVE-2026-10100 Simple Custom Login Page <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting
The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields Page Background, Form Background, Text Color, Link Color in versions up to and including 1.0.3. This is due to insufficient input sanitization of the color option values th...
CVE-2026-10100
The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields Page Background, Form Background, Text Color, Link Color in versions up to and including 1.0.3. This is due to insufficient input sanitization of the color option values th...
EUVD-2026-33870
The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields Page Background, Form Background, Text Color, Link Color in versions up to and including 1.0.3. This is due to insufficient input sanitization of the color option values th...
CVE-2026-10100 Simple Custom Login Page <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting
The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields Page Background, Form Background, Text Color, Link Color in versions up to and including 1.0.3. This is due to insufficient input sanitization of the color option values th...
CVE-2026-3722 Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) <= 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attribute
The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...
CVE-2026-3722
The CVE concerns the WordPress plugin “Auto Image Attributes From Filename With Bulk Updater” (versions ≤ 4.9). The root cause is insufficient input sanitization and output escaping in attachment metadata, enabling Stored Cross-Site Scripting. Impact: authenticated attackers with Author-level acc...
EUVD-2026-33869
The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...
CVE-2026-3722 Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) <= 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attribute
The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...
CVE-2026-3722
The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...