Lucene search
K

225318 matches found

Snyk
Snyk
added 2026/05/20 7:7 p.m.4 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation Upgrade...

6.1CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/20 7:7 p.m.9 views

GO-2026-5010 Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller

Kong Ingress Controller for Kubernetes KIC: Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...

5.8AI score
Exploits0References1
Patchstack
Patchstack
added 2026/05/20 6:17 p.m.11 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Evan NR in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.8...

7.1CVSS5.8AI score0.00142EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/20 6:0 p.m.29 views

CVE-2026-45444 WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...

10CVSS0.00282EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 6:0 p.m.16 views

CVE-2026-45444

CVE-2026-45444 describes an arbitrary file upload vulnerability in the WordPress plugin Gift Cards For WooCommerce Pro (WP Swings Gift Cards For WooCommerce Pro) up to version 4.2.6. The issue is triggered by uploading a file of an unrestricted/ dangerous type, potentially enabling the attacker t...

10CVSS5.8AI score0.00282EPSS
In wildExploits0References1
NVD
NVD
added 2026/05/20 5:16 p.m.11 views

CVE-2026-7613

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

7.2CVSS0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 4:57 p.m.6 views

CLSA-2026-1779296233 sos: Fix of CVE-2022-2806

CVE-2022-2806: ovirt plugin: filter out all password keys in answer files...

5.5CVSS5.8AI score0.00233EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/20 4:27 p.m.8 views

CVE-2026-7613

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

7.2CVSS6AI score0.00255EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/20 4:27 p.m.36 views

CVE-2026-7613 Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

7.2CVSS0.00255EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/20 4:27 p.m.8 views

CVE-2026-7613 Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

7.2CVSS6AI score0.00255EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 4:27 p.m.18 views

CVE-2026-7613

CVE-2026-7613 affects the Cost of Goods by PixelYourSite plugin for WordPress. It allows unauthenticated Stored XSS via csvdata[0][cost_of_goods_value] in versions up to 1.2.12 due to insufficient input sanitization and output escaping, enabling arbitrary scripts to run on pages loaded by users. ...

7.2CVSS6AI score0.00255EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 4:27 p.m.9 views

EUVD-2026-31126

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

7.2CVSS6AI score0.00255EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/20 1:37 p.m.8 views

WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin HT Contact Form 7 versions = 2.8.2...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/20 1:15 p.m.10 views

WordPress Broadstreet plugin <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure vulnerability

Authenticated Subscriber+ Private Post Meta Disclosure vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Broadstreet Ads versions = 1.52.2...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/20 12:55 p.m.11 views

CVE-2026-42383 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.29.0...

7.6CVSS5.8AI score0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 12:54 p.m.38 views

CVE-2026-24573 WordPress Visualizer plugin < 4.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0...

6.5CVSS0.00166EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/20 12:54 p.m.10 views

WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin YITH WooCommerce Product Add-Ons versions = 4.29.0...

7.6CVSS5.9AI score0.00289EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/20 12:16 p.m.12 views

CVE-2026-27405 WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

6.5CVSS5.8AI score0.00307EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 12:16 p.m.38 views

CVE-2026-27405 WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

6.5CVSS0.00307EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/20 12:14 p.m.9 views

WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin WpBookingly versions = 1.2.9...

6.5CVSS5.8AI score0.00307EPSS
Exploits0Affected Software1
Rows per page
Query Builder