Lucene search
K

225299 matches found

Patchstack
Patchstack
added 2026/05/21 11:33 a.m.9 views

WordPress Infility Global plugin < 2.15.21 - SQL Injection vulnerability

SQL Injection vulnerability discovered by oolongeya - Dreamhack in WordPress Plugin Infility Global versions 2.15.21...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 11:32 a.m.14 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion vulnerability

Unauthenticated Limited Arbitrary File Read and Deletion vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions = 6.0.6...

7.5CVSS5.8AI score0.00564EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 11:32 a.m.11 views

CVE-2026-5118

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...

9.8CVSS5.8AI score0.00487EPSS
Exploits4References3
Cvelist
Cvelist
added 2026/05/21 11:32 a.m.39 views

CVE-2026-5118 Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...

9.8CVSS0.00487EPSS
Exploits4References2
Vulnrichment
Vulnrichment
added 2026/05/21 11:32 a.m.6 views

CVE-2026-5118 Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...

9.8CVSS5.8AI score0.00487EPSS
Exploits4References2
GithubExploit
GithubExploit
added 2026/05/21 10:12 a.m.104 views

Exploit for CVE-2026-5118

🔥 CVE-2026-5118 Divi Form Builder --- 🎯 Ring...

5.8AI score0.00487EPSS
Exploits4
Patchstack
Patchstack
added 2026/05/21 8:25 a.m.12 views

WordPress Zoho ZeptoMail plugin <= 3.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Zoho ZeptoMail versions = 3.2.9...

4.3CVSS5.8AI score0.00306EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/05/21 8:24 a.m.23 views

CVE-2026-27393

The CVE-2026-27393 entry concerns the WordPress plugin CF7 WOW Styler (versions n/a–1.7.6). The issue is described as a Missing Authorization / Broken Access Control vulnerability in which access permissions are incorrectly configured, allowing unauthorized access to functionality. The available ...

5.3CVSS5.8AI score0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/21 8:24 a.m.12 views

EUVD-2026-31248

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...

5.3CVSS5.8AI score0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 8:24 a.m.9 views

CVE-2026-27393 WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...

5.3CVSS5.8AI score0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 8:21 a.m.9 views

CVE-2026-27349 WordPress Mail Mint plugin <= 1.19.5 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/21 8:20 a.m.8 views

WordPress Mail Mint plugin <= 1.19.5 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Que Thanh Tuan in WordPress Plugin Mail Mint versions = 1.19.5...

4.3CVSS5.8AI score0.00171EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/21 7:26 a.m.11 views

WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.70 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Wannes Verwimp in WordPress Plugin Piotnet Addons For Elementor Pro versions = 7.1.70...

9.8CVSS5.8AI score0.00953EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 7:22 a.m.8 views

WordPress ProSolution WP Client plugin <= 2.0.0 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by snr in WordPress Plugin ProSolution WP Client versions = 2.0.0...

9.8CVSS5.8AI score0.00978EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 7:21 a.m.8 views

WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Ankit Patel in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.4...

9.8CVSS5.8AI score0.00494EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 6:40 a.m.8 views

WordPress GSheet For Woo Importer plugin <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Reset vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Settings Reset vulnerability discovered by Legion Hunter in WordPress Plugin GSheet For Woo Importer versions = 2.3.1...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/21 5:16 a.m.24 views

CVE-2026-6279

The Avada Builder fusion-builder plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the wpconditionaltags case in FusionBuilderConditionalRenderHelper::getvalue passing attacker-controlled...

9.8CVSS0.02163EPSS
Exploits4References12
Cvelist
Cvelist
added 2026/05/21 4:28 a.m.50 views

CVE-2026-1543 Avada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Shortcodes

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS0.00337EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 4:28 a.m.11 views

CVE-2026-1543 Avada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Shortcodes

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS6AI score0.00337EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 4:28 a.m.14 views

CVE-2026-1543

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS6AI score0.00337EPSS
Exploits0References4
Rows per page
Query Builder