
225321 matches found

Cvelist
added 2026/05/20 6:0 a.m., 40 views

CVE-2026-5776 Email Encoder < 2.4.7 - Unauthenticated Stored XSS

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...

EPSS 0.00213
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/20 6:0 a.m., 5 views

CVE-2026-5776

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...

AI score 5.8, EPSS 0.00213
Exploits: 0, References: 1

EUVD
added 2026/05/20 6:0 a.m., 12 views

EUVD-2026-31068

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...

CVSS 6.1, AI score 5.8, EPSS 0.00213
Exploits: 0, References: 1

CVE
added 2026/05/20 6:0 a.m., 24 views

CVE-2026-5776

The CVE concerns the Email Encoder WordPress plugin prior to version 2.4.7. The root cause is failure to escape email addresses retrieved from user input, enabling unauthenticated stored XSS when affected data is rendered. Affected product: Email Encoder plugin for WordPress; vulnerable component...

CVSS 6.1, AI score 5.8, EPSS 0.00213
Exploits: 0, References: 1

Vulnrichment
added 2026/05/20 6:0 a.m., 8 views

CVE-2026-5776 Email Encoder < 2.4.7 - Unauthenticated Stored XSS

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...

AI score 5.8, EPSS 0.00213
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/20 5:31 a.m., 6 views

CVE-2026-2955

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

CVSS 6.4, AI score 6, EPSS 0.00223
Exploits: 0, References: 3

Vulnrichment
added 2026/05/20 5:31 a.m., 10 views

CVE-2026-2955 AI Chatbot & Workflow Automation by AIWU <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' Header

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

CVSS 6.4, AI score 6, EPSS 0.00223
Exploits: 0, References: 2

EUVD
added 2026/05/20 5:31 a.m., 11 views

EUVD-2026-31064

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

CVSS 6.4, AI score 6, EPSS 0.00223
Exploits: 0, References: 2

Cvelist
added 2026/05/20 5:31 a.m., 40 views

CVE-2026-2955 AI Chatbot & Workflow Automation by AIWU <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' Header

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

CVSS 6.4, EPSS 0.00223
Exploits: 0, References: 2

CVE
added 2026/05/20 5:31 a.m., 22 views

CVE-2026-2955

CVE-2026-2955 affects the WordPress plugin “AI Chatbot & Workflow Automation by AIWU” up to version 1.4.14. The issue is a Stored Cross-Site Scripting (XSS) vulnerability that can be triggered via the X-Forwarded-For header due to insufficient input sanitization and output escaping. It is exploit...

CVSS 6.4, AI score 6, EPSS 0.00223
Exploits: 0, References: 2

ATTACKERKB
added 2026/05/20 5:31 a.m., 6 views

CVE-2026-6566

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

CVSS 4.3, AI score 5.7, EPSS 0.00264
Exploits: 0, References: 3

Vulnrichment
added 2026/05/20 5:31 a.m., 13 views

CVE-2026-6566 Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

CVSS 4.3, AI score 5.7, EPSS 0.00264
Exploits: 0, References: 2

NVD
added 2026/05/20 5:16 a.m., 16 views

CVE-2026-7522

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

CVSS 8.8, EPSS 0.00755
Exploits: 0, References: 3

NVD
added 2026/05/20 5:16 a.m., 38 views

CVE-2026-5075

The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp_localize_script in post editor contexts without effective masking for...

CVSS 4.3, EPSS 0.00285
Exploits: 0, References: 2

EUVD
added 2026/05/20 4:27 a.m., 10 views

EUVD-2026-31062

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

CVSS 8.8, AI score 6.4, EPSS 0.00755
Exploits: 0, References: 3

Cvelist
added 2026/05/20 4:27 a.m., 44 views

CVE-2026-7522 Advanced Database Cleaner – Premium <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion via 'template'

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

CVSS 8.8, EPSS 0.00755
Exploits: 0, References: 3

ATTACKERKB
added 2026/05/20 4:27 a.m., 10 views

CVE-2026-7522

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

CVSS 8.8, AI score 6.4, EPSS 0.00755
Exploits: 0, References: 4

Vulnrichment
added 2026/05/20 4:27 a.m., 9 views

CVE-2026-7522 Advanced Database Cleaner – Premium <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion via 'template'

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

CVSS 8.8, AI score 6.4, EPSS 0.00755
Exploits: 0, References: 3

CVE
added 2026/05/20 4:27 a.m., 29 views

CVE-2026-7522

CVE-2026-7522 affects the WordPress plugin Advanced Database Cleaner – Premium in versions up to 4.1.0. The root cause is Local File Inclusion via the template parameter, allowing authenticated users with Subscriber-level access and above to include and execute arbitrary...

CVSS 8.8, AI score 6.4, EPSS 0.00755
Exploits: 0, References: 3

NVD
added 2026/05/20 4:16 a.m., 13 views

CVE-2026-9010

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

CVSS 7.5, EPSS 0.00366
Exploits: 0, References: 2