225155 matches found

Positive Technologies
added 2026/05/22 12:0 a.m. | 13 views

PT-2026-42726

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 6 | EPSS 0.00264
Exploits: 0 | References: 6
Positive Technologies
added 2026/05/22 12:0 a.m. | 11 views

PT-2026-42727

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splw update block options and lwp clean weather transients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers...

CVSS 4.3 | AI score 5.8 | EPSS 0.00248
Exploits: 0 | References: 7
CNNVD
added 2026/05/22 12:0 a.m. | 17 views

WordPress plugin Easy Elements for Elementor security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 8.8 | AI score 5.8 | EPSS 0.00541
Exploits: 1 | References: 5
CNNVD
added 2026/05/22 12:0 a.m. | 8 views

Mattermost security vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.6.0 and earlier 11.6.x series, 11.5.3 and earlier 11.5.x series, 11.4.4 and earlier 11.4.x series, as well as 10.11.14 and earlier 10.11.x series. Thes...

CVSS 7.5 | AI score 5.8 | EPSS 0.00254
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/22 12:0 a.m. | 14 views

PT-2026-42735

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

CVSS 5.4 | AI score 5.8 | EPSS 0.00645
Exploits: 0 | References: 9
Positive Technologies
added 2026/05/22 12:0 a.m. | 14 views

PT-2026-42729

Name of the Vulnerable Software and Affected Versions Easy Elements for Elementor – Addons & Website Templates versions prior to 1.4.6 Description An issue exists in the easyel handle register function where the wp ajax nopriv eel register AJAX handler processes the custom meta POST array. The...

CVSS 8.8 | AI score 5.7 | EPSS 0.00541
Exploits: 1 | References: 10
Positive Technologies
added 2026/05/22 12:0 a.m. | 12 views

PT-2026-42737

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle playlist endpoint function hooked to template redirect accepting a user-controlled playlist ID via the audioigniter playlist id query var or t...

CVSS 7.5 | AI score 5.8 | EPSS 0.01508
Exploits: 0 | References: 6
CNNVD
added 2026/05/22 12:0 a.m. | 8 views

WordPress plugin Alfie – Feed Plugin cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 6
Positive Technologies
added 2026/05/22 12:0 a.m. | 12 views

PT-2026-42748

Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description Insufficient input validation in the GitHub plugin API request handlers allows an authenticated attacker to cause a denial of...

CVSS 4.3 | AI score 5.8 | EPSS 0.0025
Exploits: 0 | References: 8
Positive Technologies
added 2026/05/22 12:0 a.m. | 12 views

PT-2026-42749

Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description Failure to enforce request body size limits on plugin HTTP endpoints allows an attacker to cause a denial of service by sendi...

CVSS 7.8 | AI score 5.8 | EPSS 0.00254
Exploits: 0 | References: 8
CNNVD
added 2026/05/22 12:0 a.m. | 8 views

WordPress plugin Draft List cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.4 | AI score 5.8 | EPSS 0.0022
Exploits: 0 | References: 7
CNNVD
added 2026/05/22 12:0 a.m. | 8 views

WordPress plugin Ditty security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.5 | AI score 5.8 | EPSS 0.00447
Exploits: 0 | References: 9
Positive Technologies
added 2026/05/22 12:0 a.m. | 16 views

PT-2026-42722

Name of the Vulnerable Software and Affected Versions FastX theme for WordPress versions prior to 1.0.3 Description The FastX theme for WordPress allows authenticated attackers with Subscriber-level access or higher to install and activate the PostX plugin. This is caused by missing capability...

CVSS 4.3 | AI score 5.8 | EPSS 0.0023
Exploits: 0 | References: 9
Positive Technologies
added 2026/05/22 12:0 a.m. | 15 views

PT-2026-42739

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

CVSS 4.3 | AI score 5.8 | EPSS 0.00225
Exploits: 0 | References: 9
Positive Technologies
added 2026/05/22 12:0 a.m. | 11 views

PT-2026-42724

Name of the Vulnerable Software and Affected Versions Alfie – Feed Plugin for WordPress versions prior to 1.2.2 Description Cross-Site Request Forgery occurs due to missing nonce validation in the alfie manage function, which handles feed deletion through the 'delete' GET parameter. This allows...

CVSS 4.3 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 10
CNNVD
added 2026/05/22 12:0 a.m. | 8 views

Mattermost security vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...

CVSS 4.3 | AI score 5.8 | EPSS 0.0025
Exploits: 0 | References: 1
CNNVD
added 2026/05/22 12:0 a.m. | 9 views

WordPress plugin KIA Subtitle cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.4 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 7
Positive Technologies
added 2026/05/22 12:0 a.m. | 12 views

PT-2026-42738

The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or...

CVSS 5.3 | AI score 5.9 | EPSS 0.00278
Exploits: 0 | References: 9
Positive Technologies
added 2026/05/22 12:0 a.m. | 18 views

PT-2026-42740

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVSS 7.5 | AI score 5.8 | EPSS 0.00447
Exploits: 0 | References: 9
Tenable Nessus
added 2026/05/22 12:0 a.m. | 16 views

Mattermost Server 10.11.x <= 10.11.13 / 11.4.x <= 11.4.3 / 11.5.x <= 11.5.1 Multiple Vulnerabilities (MMSA-2026-00573 / MMSA-2026-00576 / MMSA-2026-00591 / MMSA-2026-00605 / MMSA-2026-00607 / MMSA-2026-00608 / MMSA-2026-00614 / MMSA-2026-00627)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities: - Mattermost fails to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support...

CVSS 8.7 | AI score 5.8 | EPSS 0.0029
Exploits: 0 | References: 9