Lucene search
K

225304 matches found

Cvelist
Cvelist
added 2026/05/21 1:26 a.m.45 views

CVE-2026-1881 Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00219EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/21 12:38 a.m.58 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS0.18914EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/21 12:38 a.m.12 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.18914EPSS
Exploits1References3
CVE
CVE
added 2026/05/21 12:38 a.m.42 views

CVE-2026-48172

The vulnerability CVE-2026-48172 affects LiteSpeed User-End cPanel Plugin prior to 2.4.5. The issue stems from mishandling of Redis enable/disable features, enabling privilege escalation (possibly to root). In-the-wild exploitation was reported in May 2026. Detection guidance is provided: run gre...

10CVSS5.8AI score0.18914EPSS
In wildExploits1References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/05/21 12:38 a.m.10 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.18914EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/05/21 12:38 a.m.12 views

EUVD-2026-31204

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.18914EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.7 views

WordPress plugin wpb-floating-menu-or-categories 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.9CVSS5.8AI score0.00311EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.8 views

WordPress plugin Avada (Fusion) Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00337EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.14 views

WordPress plugin Avada (Fusion) Builder 注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS6.1AI score0.02163EPSS
Exploits4References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.8 views

WordPress plugin HAPPY 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.8AI score0.00307EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

WordPress plugin WP Directory Kit SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

9.3CVSS5.9AI score0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42478

Name of the Vulnerable Software and Affected Versions ConnectWise Automate versions prior to 2026.5 Description The ConnectWise Automate Agent fails to fully verify the authenticity of components obtained during plugin loading and self-update operations. This lack of integrity checks during the...

8.8CVSS6.1AI score0.00311EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42533

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process ajax restore action function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access a...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.7 views

WordPress plugin CF7 WOW Styler 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00171EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.21 views

PT-2026-42460

Name of the Vulnerable Software and Affected Versions Divi Form Builder versions prior to 5.1.3 Description The Divi Form Builder plugin for WordPress allows unauthenticated attackers to create administrator accounts. This occurs because the plugin accepts a user-controlled role parameter from PO...

9.8CVSS5.8AI score0.00487EPSS
Exploits4References5
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Catalyst-Plugin-Authentication 安全漏洞

Catalyst-Plugin-Authentication is an open-source authentication plugin framework developed by Catalyst. Versions of Catalyst-Plugin-Authentication prior to 0.10024 contain security vulnerabilities; these vulnerabilities stem from the use of the Perl built-in eq comparison function, which may lead...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

LiteSpeed User-End cPanel Plugin 安全漏洞

The LiteSpeed User-End cPanel Plugin is an integrated management plugin for LiteSpeed server users, developed by LiteSpeed Corporation and designed to work within the cPanel environment. Versions of the LiteSpeed User-End cPanel Plugin prior to version 2.4.5 contained security vulnerabilities...

10CVSS6AI score0.18914EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42391

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get sponsored meta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

WordPress plugin Broadstreet 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.9AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42551

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References5
Rows per page
Query Builder