Lucene search
K

225297 matches found

Vulnrichment
Vulnrichment
added 2026/05/21 4:56 p.m.11 views

CVE-2026-39593 WordPress HAPPY plugin <= 1.0.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10...

6.5CVSS5.8AI score0.00307EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 4:56 p.m.16 views

CVE-2026-39593

CVE-2026-39593 affects the WordPress plugin HAPPY (versions up to 1.0.10). The issue is a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access controls, potentially enabling unauthenticated network requests to affect integrity and availability. CVSS ...

6.5CVSS5.8AI score0.00307EPSS
Exploits0References1
NVD
NVD
added 2026/05/21 4:16 p.m.14 views

CVE-2026-9089

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5...

8.8CVSS0.00311EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/21 4:12 p.m.9 views

WordPress Alfie – Feed Plugin plugin <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion vulnerability

Cross-Site Request Forgery to Feed Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Alfie versions = 1.2.1...

4.3CVSS5.8AI score0.00164EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 3:59 p.m.10 views

WordPress FastX theme <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Plugin Installation and Activation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Theme FastX versions = 1.0.2...

4.3CVSS5.8AI score0.0023EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/21 3:8 p.m.16 views

CVE-2026-39531

The CVE-2026-39531 affects the WordPress plugin WP Directory Kit (

9.3CVSS5.8AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 3:8 p.m.8 views

CVE-2026-39531 WordPress WP Directory Kit plugin <= 1.5.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.0...

9.3CVSS5.8AI score0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 3:8 p.m.37 views

CVE-2026-39531 WordPress WP Directory Kit plugin <= 1.5.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.0...

9.3CVSS0.00243EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/21 2:41 p.m.9 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to the extension failing to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of...

8.2CVSS6AI score0.00386EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/21 2:37 p.m.12 views

WordPress KIA Subtitle plugin <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability discovered by zaim in WordPress Plugin KIA Subtitle versions = 4.0.1...

6.4CVSS5.8AI score0.00249EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 2:36 p.m.8 views

WordPress Location Weather – WordPress Weather Forecast, AQI, Temperature and Weather Widget plugin <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging vulnerability

Missing Authorization to Authenticated Contributor+ Block Settings Modification and Cache Purging vulnerability discovered by momopon1415 in WordPress Plugin Location Weather versions = 3.0.2...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 2:32 p.m.12 views

CVE-2026-9089

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5...

8.8CVSS5.8AI score0.00311EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/21 2:32 p.m.8 views

CVE-2026-9089

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5...

8.8CVSS5.8AI score0.00311EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 2:32 p.m.22 views

CVE-2026-9089

The CVE-2026-9089 issue affects the ConnectWise Automate Agent. According to connected sources, the agent does not fully verify the authenticity of components during plugin loading and self-update operations. The underlying impact is risk of tampered or unverified components being loaded during e...

8.8CVSS5.8AI score0.00311EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/21 2:32 p.m.8 views

EUVD-2026-31290

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5...

8.8CVSS5.8AI score0.00311EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 2:32 p.m.37 views

CVE-2026-9089

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5...

8.8CVSS0.00311EPSS
Exploits0References1
NVD
NVD
added 2026/05/21 1:16 p.m.20 views

CVE-2026-5118

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...

9.8CVSS0.00487EPSS
Exploits4References2
Patchstack
Patchstack
added 2026/05/21 11:47 a.m.10 views

WordPress Avada (Fusion) Builder plugin <= 3.15.2 - Unauthenticated Remote Code Execution vulnerability

Unauthenticated Remote Code Execution vulnerability discovered by ? in WordPress Plugin Fusion Builder versions = 3.15.2...

9.8CVSS5.8AI score0.02163EPSS
Exploits4References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 11:33 a.m.9 views

WordPress Infility Global plugin < 2.15.21 - SQL Injection vulnerability

SQL Injection vulnerability discovered by oolongeya - Dreamhack in WordPress Plugin Infility Global versions 2.15.21...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 11:32 a.m.14 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion vulnerability

Unauthenticated Limited Arbitrary File Read and Deletion vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions = 6.0.6...

7.5CVSS5.8AI score0.00564EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder