225210 matches found

CVE
added 2026/05/22 3:39 a.m. | 23 views

CVE-2026-7509

The CVE-2026-7509 affects the WordPress KIA Subtitle plugin (

CVSS 6.4 | AI score 6 | EPSS 0.00249
Exploits: 0 | References: 7
ATTACKERKB
added 2026/05/22 3:39 a.m. | 8 views

CVE-2026-9104

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

CVSS 6.4 | AI score 6 | EPSS 0.0022
Exploits: 0 | References: 8 | Affected Software: 1
EUVD
added 2026/05/22 3:39 a.m. | 12 views

EUVD-2026-31405

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

CVSS 6.4 | AI score 6 | EPSS 0.0022
Exploits: 0 | References: 7
CVE
added 2026/05/22 3:39 a.m. | 21 views

CVE-2026-9104

The CVE concerns the Draft List plugin for WordPress, affecting all versions up to 2.6.3. It describes a Stored Cross-Site Scripting (XSS) vulnerability in draft post titles caused by insufficient input sanitization and output escaping. Exploitation requires at least author-level access; authenti...

CVSS 6.4 | AI score 6 | EPSS 0.0022
Exploits: 0 | References: 7
Vulnrichment
added 2026/05/22 3:39 a.m. | 7 views

CVE-2026-9104 Draft List <= 2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via Draft Post Title

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

CVSS 6.4 | AI score 6 | EPSS 0.0022
Exploits: 0 | References: 7
Cvelist
added 2026/05/22 3:39 a.m. | 37 views

CVE-2026-9104 Draft List <= 2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via Draft Post Title

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

CVSS 6.4 | EPSS 0.0022
Exploits: 0 | References: 7
Snyk
added 2026/05/22 2:42 a.m. | 12 views

Malicious Package

Overview: hardhat-gas-profiler-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2
EUVD
added 2026/05/22 2:28 a.m. | 10 views

EUVD-2026-31391

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVSS 7.5 | AI score 5.9 | EPSS 0.00273
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/22 2:28 a.m. | 6 views

CVE-2026-4834

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVSS 7.5 | AI score 5.9 | EPSS 0.00273
Exploits: 0 | References: 3
CVE
added 2026/05/22 2:28 a.m. | 29 views

CVE-2026-4834

The CVE-2026-4834 entry concerns the WP ERP Pro plugin for WordPress, affected up to version 1.5.1. The vulnerability is a SQL Injection via the 'search_key' parameter due to insufficient escaping and lack of proper query preparation. This allows unauthenticated attackers to append additional SQL...

CVSS 7.5 | AI score 5.9 | EPSS 0.00273
Exploits: 0 | References: 2
EUVD
added 2026/05/22 12:31 a.m. | 14 views

EUVD-2026-31367

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

CVSS 9.8 | AI score 6.5 | EPSS 0.00672
Exploits: 1 | References: 3
EUVD
added 2026/05/22 12:31 a.m. | 14 views

EUVD-2026-31353

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash or password...

AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/22 12:0 a.m. | 15 views

PT-2026-42723

Name of the Vulnerable Software and Affected Versions: WP Blockade versions prior to 0.9.15. Description: The plugin is subject to Reflected Cross-Site Scripting, a flaw where an application includes untrusted data in a web page without proper validation, allowing attackers to execute scripts in the...

CVSS 6.1 | AI score 5.9 | EPSS 0.00249
Exploits: 0 | References: 10
CNNVD
added 2026/05/22 12:0 a.m. | 8 views

WordPress plugin Location Weather security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 4.3 | AI score 5.8 | EPSS 0.00248
Exploits: 0 | References: 6
CNNVD
added 2026/05/22 12:0 a.m. | 10 views

WordPress plugin Vedrixa Forms security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 4.3 | AI score 5.8 | EPSS 0.00225
Exploits: 0 | References: 8
Positive Technologies
added 2026/05/22 12:0 a.m. | 13 views

PT-2026-42726

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 6 | EPSS 0.00264
Exploits: 0 | References: 6
Positive Technologies
added 2026/05/22 12:0 a.m. | 11 views

PT-2026-42727

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splw update block options and lwp clean weather transients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers...

CVSS 4.3 | AI score 5.8 | EPSS 0.00248
Exploits: 0 | References: 7
CNNVD
added 2026/05/22 12:0 a.m. | 17 views

WordPress plugin Easy Elements for Elementor security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 8.8 | AI score 5.8 | EPSS 0.00541
Exploits: 1 | References: 5
Positive Technologies
added 2026/05/22 12:0 a.m. | 14 views

PT-2026-42735

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

CVSS 5.4 | AI score 5.8 | EPSS 0.00645
Exploits: 0 | References: 9
Positive Technologies
added 2026/05/22 12:0 a.m. | 14 views

PT-2026-42729

Name of the Vulnerable Software and Affected Versions: Easy Elements for Elementor – Addons & Website Templates versions prior to 1.4.6. Description: An issue exists in the easyel handle register function where the wp ajax nopriv eel register AJAX handler processes the custom meta POST array. The...

CVSS 8.8 | AI score 5.7 | EPSS 0.00541
Exploits: 1 | References: 10