Lucene search

225336 matches found

EUVD
added 2026/05/20 1:25 a.m. | 9 views

EUVD-2026-31036

The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliver_pos_rest_authentication...

CVSS 6.5 | AI score 5.7 | EPSS 0.00475
Exploits: 0 | References: 11

EUVD
added 2026/05/20 1:25 a.m. | 10 views

EUVD-2026-31040

The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitize_text_field for output escaping in the Contact Number (ad_contact_number) field — a function that strips HTML tags but does not encode...

CVSS 4.4 | AI score 6 | EPSS 0.0023
Exploits: 0 | References: 5

CVE
added 2026/05/20 1:25 a.m. | 11 views

CVE-2026-6399

The CVE concerns the WordPress General Options plugin (up to version 1.1.0). Root cause: the code uses sanitize_text_field() for output escaping in the ad_contact_number field, which strips HTML but does not encode double quotes, so when echoed inside a double-quoted HTML attribute (value="..."),...

CVSS 4.4 | AI score 6 | EPSS 0.0023
Exploits: 0 | References: 5

EUVD
added 2026/05/20 1:25 a.m. | 12 views

EUVD-2026-31035

The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_sql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...

CVSS 4.9 | AI score 6 | EPSS 0.00448
Exploits: 0 | References: 9

CVE
added 2026/05/20 1:25 a.m. | 14 views

CVE-2026-7472

The Read More & Accordion WordPress plugin (up to version 3.5.7) is vulnerable to time-based blind SQL injection via the 'orderby' parameter. The root cause is that the value from $_GET['orderby'] is passed through esc_attr() and then concatenated unquoted into an ORDER BY clause, where esc_sql()...

CVSS 4.9 | AI score 6 | EPSS 0.00448
Exploits: 0 | References: 9

CVE
added 2026/05/20 1:25 a.m. | 21 views

CVE-2026-6072

The Oliver POS plugin for WordPress (WooCommerce integration) is affected up to version 2.4.2.6 by an Authorization Bypass in the /wp-json/pos-bridge/* API. The issue arises from a loose PHP comparison in oliver_pos_rest_authentication() that compares the attacker-supplied OliverAuth header to th...

CVSS 6.5 | AI score 5.7 | EPSS 0.00475
Exploits: 0 | References: 11

Vulnrichment
added 2026/05/20 1:25 a.m. | 9 views

CVE-2026-8419 Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

CVSS 4.3 | AI score 5.7 | EPSS 0.00191
Exploits: 0 | References: 9

EUVD
added 2026/05/20 1:25 a.m. | 8 views

EUVD-2026-31037

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

CVSS 4.3 | AI score 5.7 | EPSS 0.00191
Exploits: 0 | References: 9

EUVD
added 2026/05/20 1:25 a.m. | 10 views

EUVD-2026-31034

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

CVSS 6.4 | AI score 6 | EPSS 0.00308
Exploits: 0 | References: 9

Cvelist
added 2026/05/20 1:25 a.m. | 45 views

CVE-2026-8424 Remove Yellow BGBOX <= 1.0 - Cross-Site Request Forgery

The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybbapisettings' page. This makes it possible for unauthenticated attackers to reset the plugin's stored...

CVSS 4.3 | EPSS 0.00158
Exploits: 0 | References: 5

Vulnrichment
added 2026/05/20 1:25 a.m. | 8 views

CVE-2026-8424 Remove Yellow BGBOX <= 1.0 - Cross-Site Request Forgery

The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybbapisettings' page. This makes it possible for unauthenticated attackers to reset the plugin's stored...

CVSS 4.3 | AI score 5.7 | EPSS 0.00158
Exploits: 0 | References: 5

Vulnrichment
added 2026/05/20 1:25 a.m. | 8 views

CVE-2026-5293 診断ジェネレータ作成プラグイン <= 1.4.16 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

CVSS 6.4 | AI score 6 | EPSS 0.00308
Exploits: 0 | References: 9

EUVD
added 2026/05/20 1:25 a.m. | 10 views

EUVD-2026-31032

The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybbapisettings' page. This makes it possible for unauthenticated attackers to reset the plugin's stored...

CVSS 4.3 | AI score 5.7 | EPSS 0.00158
Exploits: 0 | References: 5

Cvelist
added 2026/05/20 1:25 a.m. | 39 views

CVE-2026-5293 診断ジェネレータ作成プラグイン <= 1.4.16 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

CVSS 6.4 | EPSS 0.00308
Exploits: 0 | References: 9

CVE
added 2026/05/20 1:25 a.m. | 18 views

CVE-2026-5293

The CVE concerns the WordPress plugin Diagnosis Generator (診断ジェネレータ作成プラグイン) up to version 1.4.16. It enables Stored Cross-Site Scripting via the js parameter due to missing authorization checks and insufficient input sanitization in themeFunc(), which runs on admin_init and processes theme update...

CVSS 6.4 | AI score 6 | EPSS 0.00308
Exploits: 0 | References: 9

Cvelist
added 2026/05/20 1:25 a.m. | 39 views

CVE-2026-8419 Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

CVSS 4.3 | EPSS 0.00191
Exploits: 0 | References: 9

CVE
added 2026/05/20 1:25 a.m. | 17 views

CVE-2026-8424

CVE-2026-8424 concerns the WordPress plugin Remove Yellow BGBOX (versions

CVSS 4.3 | AI score 5.7 | EPSS 0.00158
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/20 1:25 a.m. | 6 views

CVE-2026-5293

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

CVSS 6.4 | AI score 6 | EPSS 0.00308
Exploits: 0 | References: 10

ATTACKERKB
added 2026/05/20 1:25 a.m. | 8 views

CVE-2026-8424

The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybbapisettings' page. This makes it possible for unauthenticated attackers to reset the plugin's stored...

CVSS 4.3 | AI score 5.7 | EPSS 0.00158
Exploits: 0 | References: 6

ATTACKERKB
added 2026/05/20 1:25 a.m. | 11 views

CVE-2026-6394

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

CVSS 5.4 | AI score 5.9 | EPSS 0.00316
Exploits: 0 | References: 8