Lucene search
K

225134 matches found

EUVD
EUVD
added 2026/05/22 7:50 a.m.14 views

EUVD-2026-31418

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

5.4CVSS5.8AI score0.00645EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/22 7:50 a.m.11 views

CVE-2026-7798

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

5.4CVSS5.8AI score0.00645EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/22 7:50 a.m.10 views

EUVD-2026-31417

The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or...

5.3CVSS5.9AI score0.00278EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/22 7:50 a.m.30 views

CVE-2026-7798 FluentCRM <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery via 'SubscribeURL' Parameter

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

5.4CVSS0.00645EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/22 7:50 a.m.8 views

CVE-2026-8684 MotoPress Hotel Booking <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification via mphb_update_booking_notes AJAX Action

The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or...

5.3CVSS5.9AI score0.00278EPSS
Exploits0References8
CVE
CVE
added 2026/05/22 7:50 a.m.31 views

CVE-2026-7798

The CVE-2026-7798 entry concerns the FluentCRM WordPress plugin (versions up to and including 2.9.87). A Blind Server-Side Request Forgery exists via the SubscribeURL parameter, enabling unauthenticated actors to make web requests from the application to internal/internal-facing targets and poten...

5.4CVSS5.8AI score0.00645EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/22 7:50 a.m.10 views

EUVD-2026-31419

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/22 7:50 a.m.9 views

CVE-2026-9011 Ditty <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via ditty_init AJAX Action

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/22 7:50 a.m.29 views

CVE-2026-7615 Widget Context <= 1.3.3 - Cross-Site Request Forgery to Settings Update via 'wl' Parameter

The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the savewidgetcontextsettings function. This makes it possible for unauthenticated attackers to modify widget...

4.3CVSS0.00168EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/22 7:50 a.m.26 views

CVE-2026-7636 Slider by Soliloquy <= 2.8.1 - Authenticated (Subscriber+) Information Disclosure via REST API Endpoint

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the mapmetacap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...

4.3CVSS0.00236EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/22 7:50 a.m.7 views

CVE-2026-9011

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/22 7:50 a.m.33 views

CVE-2026-9011 Ditty <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via ditty_init AJAX Action

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS0.00447EPSS
Exploits0References8
CVE
CVE
added 2026/05/22 7:50 a.m.22 views

CVE-2026-9011

Technical details are not publicly available in the provided documents. Monitor for updates.

7.5CVSS5.8AI score0.00447EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/22 7:50 a.m.8 views

CVE-2026-7636 Slider by Soliloquy <= 2.8.1 - Authenticated (Subscriber+) Information Disclosure via REST API Endpoint

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the mapmetacap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/22 7:50 a.m.27 views

CVE-2026-8692 Vedrixa Forms <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification via wefb_save_form_structure AJAX Action

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

4.3CVSS0.00225EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/22 7:50 a.m.7 views

CVE-2026-8692 Vedrixa Forms <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification via wefb_save_form_structure AJAX Action

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/22 7:50 a.m.14 views

EUVD-2026-31414

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/22 7:50 a.m.7 views

CVE-2026-8692

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/05/22 7:4 a.m.14 views

WordPress Ditty – Responsive News Tickers, Sliders, and Lists plugin <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Ditty versions = 3.1.65...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/22 7:3 a.m.8 views

WordPress AudioIgniter Music Player plugin <= 2.0.2 - Unauthenticated Insecure Direct Object Reference to 'audioigniter_playlist_id' Parameter vulnerability

Unauthenticated Insecure Direct Object Reference to 'audioigniterplaylistid' Parameter vulnerability discovered by ? in WordPress Plugin AudioIgniter Music Player versions = 2.0.2...

7.5CVSS5.8AI score0.01508EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder