Lucene search
K

225299 matches found

EUVD
EUVD
added 2026/05/21 4:28 a.m.21 views

EUVD-2026-31211

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS6AI score0.00337EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 4:27 a.m.15 views

CVE-2026-6279

The Avada Builder fusion-builder plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the wpconditionaltags case in FusionBuilderConditionalRenderHelper::getvalue passing attacker-controlled...

9.8CVSS6.3AI score0.02163EPSS
Exploits4References13
NVD
NVD
added 2026/05/21 4:16 a.m.22 views

CVE-2026-4811

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9CVSS0.00311EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/21 2:28 a.m.16 views

SUSE CVE-2026-44933

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

7.8CVSS5.9AI score0.00214EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/05/21 2:27 a.m.5 views

CVE-2026-4811

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9CVSS6AI score0.00311EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/21 2:27 a.m.9 views

EUVD-2026-31208

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9CVSS6AI score0.00311EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/21 2:27 a.m.40 views

CVE-2026-4811 WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting via 'Icon CSS Class' Category Field

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9CVSS0.00311EPSS
Exploits0References2
CVE
CVE
added 2026/05/21 2:27 a.m.17 views

CVE-2026-4811

CVE-2026-4811 affects the WordPress plugin WPB Floating Menu & Categories (Sticky Floating Side Menu & Categories with Icons). All versions up to 1.0.8 are vulnerable to Stored Cross-Site Scripting via the Icon CSS Class category field due to insufficient input sanitization and output escaping. E...

4.9CVSS6AI score0.00311EPSS
Exploits0References2
NVD
NVD
added 2026/05/21 2:16 a.m.30 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS0.18914EPSS
Exploits1References4
NVD
NVD
added 2026/05/21 2:16 a.m.18 views

CVE-2026-1881

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00219EPSS
Exploits0References2
OSV
OSV
added 2026/05/21 1:32 a.m.12 views

MAL-2026-4558 Malicious code in fastgrc-openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 158457237168ef50e3a6c4cd33f51e23f6aec642593745a3d11b9b4870ef36ce The package is an AI agent policy-check plugin. When a consumer does not configure their own API key, resolveApiKey returns a hardcoded BUNDLEDAPIKEY...

5.8AI score
Exploits0References1
CVE
CVE
added 2026/05/21 1:26 a.m.21 views

CVE-2026-1881

The CVE-2026-1881 entry concerns the Broadstreet WordPress plugin (versions

4.3CVSS5.8AI score0.00219EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 1:26 a.m.6 views

CVE-2026-1881

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 1:26 a.m.9 views

CVE-2026-1881 Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/21 1:26 a.m.12 views

EUVD-2026-31206

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/21 1:26 a.m.45 views

CVE-2026-1881 Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00219EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/21 12:38 a.m.58 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS0.18914EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/21 12:38 a.m.12 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.18914EPSS
Exploits1References3
CVE
CVE
added 2026/05/21 12:38 a.m.42 views

CVE-2026-48172

The vulnerability CVE-2026-48172 affects LiteSpeed User-End cPanel Plugin prior to 2.4.5. The issue stems from mishandling of Redis enable/disable features, enabling privilege escalation (possibly to root). In-the-wild exploitation was reported in May 2026. Detection guidance is provided: run gre...

10CVSS5.8AI score0.18914EPSS
In wildExploits1References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/05/21 12:38 a.m.10 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.18914EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder