Lucene search
K

225336 matches found

EUVD
EUVD
added 2026/05/20 1:25 a.m.12 views

EUVD-2026-31042

The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...

6.4CVSS6AI score0.00245EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/20 1:25 a.m.12 views

EUVD-2026-31041

The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in versions up to and including 0.9.2. This is due to the complete absence of nonce verification on the settings save handler in the w2cadmin function, combined with missing inp...

6.1CVSS6AI score0.00153EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.4 views

CVE-2026-6549

The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...

6.4CVSS6AI score0.00245EPSS
Exploits0References5
CVE
CVE
added 2026/05/20 1:25 a.m.21 views

CVE-2026-6549

Technical details about CVE-2026-6549 are not publicly available in the provided documents; monitor for updates.

6.4CVSS6AI score0.00245EPSS
Exploits0References4
CVE
CVE
added 2026/05/20 1:25 a.m.14 views

CVE-2026-8038

The CVE concerns the WordPress plugin Faces of Users, vulnerable to Stored Cross-Site Scripting via the default shortcode attribute in the facesofusers shortcode, affecting all versions up to 0.0.3. Root cause: insufficient input sanitization and output escaping. Exploitation requires authenticat...

6.4CVSS6AI score0.00246EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.39 views

CVE-2026-6400 Child Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

4.3CVSS0.00163EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.39 views

CVE-2026-6401 Bottom Bar <= 0.1.7 - Cross-Site Request Forgery to Settings Update

The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.1.7. This is due to missing nonce verification on the plugin's settings update forms handled in bottom-bar-admin.php. None of the three settings forms main settings, sharing...

4.3CVSS0.00187EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/20 1:25 a.m.11 views

EUVD-2026-31038

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

4.3CVSS5.7AI score0.00163EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.14 views

CVE-2026-6400

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

4.3CVSS5.7AI score0.00163EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.10 views

CVE-2026-6401 Bottom Bar <= 0.1.7 - Cross-Site Request Forgery to Settings Update

The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.1.7. This is due to missing nonce verification on the plugin's settings update forms handled in bottom-bar-admin.php. None of the three settings forms main settings, sharing...

4.3CVSS5.9AI score0.00187EPSS
Exploits0References5
CVE
CVE
added 2026/05/20 1:25 a.m.19 views

CVE-2026-6401

The Bottom Bar plugin for WordPress (versions

4.3CVSS5.9AI score0.00187EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/20 1:25 a.m.12 views

EUVD-2026-31039

The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.1.7. This is due to missing nonce verification on the plugin's settings update forms handled in bottom-bar-admin.php. None of the three settings forms main settings, sharing...

4.3CVSS5.9AI score0.00187EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.6 views

CVE-2026-6401

The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.1.7. This is due to missing nonce verification on the plugin's settings update forms handled in bottom-bar-admin.php. None of the three settings forms main settings, sharing...

4.3CVSS5.9AI score0.00187EPSS
Exploits0References6
CVE
CVE
added 2026/05/20 1:25 a.m.18 views

CVE-2026-6400

The CVE-2026-6400 entry concerns the WordPress plugin “Child Height Predictor by Ostheimer” (versions

4.3CVSS5.7AI score0.00163EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.8 views

CVE-2026-6400 Child Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

4.3CVSS5.7AI score0.00163EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.33 views

CVE-2026-6399 General Options <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ad_contact_number' Parameter

The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitizetextfield for output escaping in the Contact Number adcontactnumber field — a function that strips HTML tags but does not encode...

4.4CVSS0.0023EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.9 views

CVE-2026-6399 General Options <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ad_contact_number' Parameter

The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitizetextfield for output escaping in the Contact Number adcontactnumber field — a function that strips HTML tags but does not encode...

4.4CVSS6AI score0.0023EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.12 views

CVE-2026-7472

The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of escsql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...

4.9CVSS6AI score0.00448EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.7 views

CVE-2026-7472 Read More & Accordion <= 3.5.7 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of escsql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...

4.9CVSS6AI score0.00448EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.10 views

CVE-2026-6072 Oliver POS <= 2.4.2.6 - Unauthenticated Authorization Bypass Through User-Controlled Key to 'OliverAuth' Header

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliverposrestauthentication...

6.5CVSS5.7AI score0.00475EPSS
Exploits0References11
Rows per page
Query Builder