Lucene search
K

225323 matches found

CVE
CVE
added 2026/05/20 4:27 a.m.29 views

CVE-2026-7522

The CVE-2026-7522 issue affects the WordPress plugin The Advanced Database Cleaner – Premium, vulnerable in versions up to 4.1.0. The root cause is Local File Inclusion via the template parameter, allowing authenticated users with Subscriber-level access and above to include and execute arbitrary...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References3
NVD
NVD
added 2026/05/20 4:16 a.m.13 views

CVE-2026-9010

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS0.00366EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 4:16 a.m.17 views

CVE-2026-7637

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...

9.8CVSS0.00573EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 4:16 a.m.13 views

CVE-2025-15369

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

5.3CVSS0.00248EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 3:28 a.m.12 views

CVE-2026-5075

The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wplocalizescript in post editor contexts without effective masking for...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/20 3:28 a.m.26 views

CVE-2026-5075 All in One SEO <= 4.9.7 - Authenticated (Contributor+) Sensitive Information Exposure via 'internalOptions' Localized Script Data

The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wplocalizescript in post editor contexts without effective masking for...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 3:28 a.m.24 views

CVE-2026-5075

The CVE-2026-5075 affects the WordPress plugin All in One SEO Pack (All in One SEO) up to version 4.9.7. The vulnerability is a Sensitive Information Exposure due to internalOptions data being passed to wp_localize_script() in post editor contexts without effective masking. This allows authentica...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 2:27 a.m.40 views

CVE-2025-15369 Xpro Addons — 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

5.3CVSS0.00248EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 2:27 a.m.25 views

CVE-2026-7637

The CVE-2026-7637 entry concerns the Boost plugin for WordPress (versions up to and including 2.0.3). The vulnerability is a PHP Object Injection via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. It requires no authenticated privileges and no user interaction. The ...

9.8CVSS6.1AI score0.00573EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 2:27 a.m.44 views

CVE-2026-7637 Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...

9.8CVSS0.00573EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 2:27 a.m.18 views

CVE-2025-15369

CVE-2025-15369 affects the WordPress plugin Xpro Addons — 140+ Widgets for Elementor. All versions up to and including 1.5.0 are vulnerable due to a missing capability check in the get_content_editor function, enabling unauthenticated attackers to modify data and create published Xpro templates. ...

5.3CVSS5.8AI score0.00248EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 2:27 a.m.8 views

EUVD-2026-31045

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...

9.8CVSS6.1AI score0.00573EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 2:27 a.m.6 views

CVE-2026-9010

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 2:27 a.m.17 views

CVE-2026-9010

The CVE concerns the Boost plugin for WordPress, affected through time-based SQL Injection in the plugin’s handling of the current_url and user_name parameters. Vulnerable in versions up to and including 2.0.3 due to insufficient escaping of user-supplied inputs and inadequate preparation of exis...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 2:27 a.m.11 views

EUVD-2026-31044

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 2:27 a.m.42 views

CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS0.00366EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/20 2:27 a.m.8 views

CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 2:16 a.m.25 views

CVE-2026-8424

The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybbapisettings' page. This makes it possible for unauthenticated attackers to reset the plugin's stored...

4.3CVSS0.00158EPSS
Exploits0References5
NVD
NVD
added 2026/05/20 2:16 a.m.16 views

CVE-2026-8420

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS0.00174EPSS
Exploits0References9
NVD
NVD
added 2026/05/20 2:16 a.m.17 views

CVE-2026-8610

The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00294EPSS
Exploits0References4
Rows per page
Query Builder