Lucene search
K

225337 matches found

EUVD
EUVD
added 2026/05/20 1:25 a.m.10 views

EUVD-2026-31033

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS5.9AI score0.00316EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.37 views

CVE-2026-7467 Read More & Accordion <= 3.5.7 - Privilege Escalation via importData

The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported...

8.8CVSS0.00357EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.9 views

CVE-2026-6394 Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS5.9AI score0.00316EPSS
Exploits0References7
CVE
CVE
added 2026/05/20 1:25 a.m.12 views

CVE-2026-7467

The Read More & Accordion plugin for WordPress (up to version 3.5.7) is vulnerable to privilege escalation due to RadMoreAjax::importData not restricting target tables and not validating data. Authenticated attackers with site-owner granted role permissions can insert rows into wp_users and wp_us...

8.8CVSS5.8AI score0.00357EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.10 views

CVE-2026-7467

The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported...

8.8CVSS5.8AI score0.00357EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 1:25 a.m.15 views

EUVD-2026-31030

The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported...

8.8CVSS5.8AI score0.00357EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.40 views

CVE-2026-6456 Account Switcher <= 1.0.2 - Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation

The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the rememberLogin REST API endpoint using a loose comparison != instead of !== for secret validation at app/RestAPI.php:111, combined with no validation that...

8.8CVSS0.00385EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.42 views

CVE-2026-8420 BLOGCHAT Chat System <= 1.3.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS0.00174EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/20 1:25 a.m.16 views

EUVD-2026-31031

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/20 1:25 a.m.15 views

EUVD-2026-31026

The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the rememberLogin REST API endpoint using a loose comparison != instead of !== for secret validation at app/RestAPI.php:111, combined with no validation that...

8.8CVSS5.8AI score0.00385EPSS
Exploits0References4
CVE
CVE
added 2026/05/20 1:25 a.m.20 views

CVE-2026-6456

The CVE-2026-6456 entry documents a Privilege Escalation in the WordPress Account Switcher plugin up to version 1.0.2. The root cause is the rememberLogin REST API endpoint using a loose comparison (!=) instead of strict (!==) for secret validation at app/RestAPI.php:111, plus validation that the...

8.8CVSS5.8AI score0.00385EPSS
Exploits0References4
CVE
CVE
added 2026/05/20 1:25 a.m.19 views

CVE-2026-6391

The WordPress plugin Sentence To SEO (keywords, description and tags)

6.1CVSS5.7AI score0.00174EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/20 1:25 a.m.13 views

EUVD-2026-31028

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.8 views

CVE-2026-6391 Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.9 views

CVE-2026-6456 Account Switcher <= 1.0.2 - Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation

The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the rememberLogin REST API endpoint using a loose comparison != instead of !== for secret validation at app/RestAPI.php:111, combined with no validation that...

8.8CVSS5.8AI score0.00385EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.13 views

CVE-2026-6391

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.9 views

CVE-2026-8420

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.7 views

CVE-2026-8420 BLOGCHAT Chat System <= 1.3.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.36 views

CVE-2026-6391 Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attackers...

6.1CVSS0.00174EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.6 views

CVE-2026-6456

The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the rememberLogin REST API endpoint using a loose comparison != instead of !== for secret validation at app/RestAPI.php:111, combined with no validation that...

8.8CVSS5.8AI score0.00385EPSS
Exploits0References5
Rows per page
Query Builder