Lucene search
K

225290 matches found

Vulnrichment
Vulnrichment
added 2026/05/22 3:39 a.m.8 views

CVE-2026-7249 Location Weather <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:39 a.m.5 views

CVE-2026-7249

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/22 3:39 a.m.38 views

CVE-2026-7249 Location Weather <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...

4.3CVSS0.00248EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/22 3:39 a.m.15 views

EUVD-2026-31404

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/22 3:39 a.m.45 views

CVE-2026-7509 KIA Subtitle <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00249EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:39 a.m.9 views

CVE-2026-6864

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00264EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:39 a.m.9 views

CVE-2026-7509

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS6AI score0.00249EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/22 3:39 a.m.7 views

CVE-2026-7509 KIA Subtitle <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS6AI score0.00249EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/22 3:39 a.m.11 views

CVE-2026-6864 CBX 5 Star Rating & Review <= 1.0.7 - Reflected Cross-Site Scripting via 'page' Parameter

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00264EPSS
Exploits0References5
CVE
CVE
added 2026/05/22 3:39 a.m.23 views

CVE-2026-7509

The CVE-2026-7509 affects the WordPress KIA Subtitle plugin (

6.4CVSS6AI score0.00249EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/22 3:39 a.m.11 views

EUVD-2026-31406

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS6AI score0.00249EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/22 3:39 a.m.36 views

CVE-2026-6864 CBX 5 Star Rating & Review <= 1.0.7 - Reflected Cross-Site Scripting via 'page' Parameter

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00264EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/22 3:39 a.m.12 views

EUVD-2026-31409

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00264EPSS
Exploits0References5
CVE
CVE
added 2026/05/22 3:39 a.m.21 views

CVE-2026-6864

The CVE-2026-6864 concern affects the CBX 5 Star Rating & Review plugin for WordPress. It is a Reflected Cross-Site Scripting flaw via the 'page' parameter in all versions up to 1.0.7, caused by insufficient input sanitization and output escaping. This enables unauthenticated attackers to inject ...

6.1CVSS6AI score0.00264EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/22 3:39 a.m.7 views

CVE-2026-9104 Draft List <= 2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via Draft Post Title

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

6.4CVSS6AI score0.0022EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:39 a.m.8 views

CVE-2026-9104

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

6.4CVSS6AI score0.0022EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/05/22 3:39 a.m.12 views

EUVD-2026-31405

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

6.4CVSS6AI score0.0022EPSS
Exploits0References7
CVE
CVE
added 2026/05/22 3:39 a.m.21 views

CVE-2026-9104

The CVE concerns the Draft List plugin for WordPress, affecting all versions up to 2.6.3. It describes a Stored Cross-Site Scripting (XSS) vulnerability in draft post titles caused by insufficient input sanitization and output escaping. Exploitation requires at least author-level access; authenti...

6.4CVSS6AI score0.0022EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/22 3:39 a.m.37 views

CVE-2026-9104 Draft List <= 2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via Draft Post Title

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

6.4CVSS0.0022EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/22 2:42 a.m.12 views

Malicious Package

Overview hardhat-gas-profiler-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder