Lucene search
K

27690 matches found

CVE
CVE
added 2026/07/02 11:15 a.m.11 views

CVE-2026-57680

CVE-2026-57680 affects the WordPress Kirki plugin versions

6.5CVSS5.8AI score0.00253EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.9 views

CVE-2026-57680

Unauthenticated Insecure Direct Object References IDOR in Kirki = 6.0.11 versions...

6.5CVSS5.8AI score0.00253EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 11:15 a.m.11 views

CVE-2026-57673

Technical details of CVE-2026-57673 are not publicly provided in the supplied documents. Monitor for updates from authoritative sources; the available entries indicate unauthenticated XSS in Optimole

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.33 views

CVE-2026-57669 WordPress Advanced Contact form 7 DB plugin <= 2.0.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Advanced Contact form 7 DB = 2.0.9 versions...

6.5CVSS0.0034EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:15 a.m.6 views

EUVD-2026-41279

Unauthenticated Cross Site Scripting XSS in Admin and Site Enhancements ASE Pro = 8.8.5 versions...

9.6CVSS5.8AI score0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.33 views

CVE-2026-57353 WordPress Link Whisper Premium plugin <= 2.9.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in Link Whisper Premium = 2.9.0 versions...

6.5CVSS0.00299EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.33 views

CVE-2026-57352 WordPress ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 2.2.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce = 2.2.0 versions...

4.8CVSS0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.12 views

CVE-2026-57352

CVE-2026-57352 concerns the WordPress plugin ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce (

4.8CVSS5.8AI score0.0021EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.36 views

CVE-2026-57343 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Real Estate 7 = 3.5.9 versions...

7.1CVSS0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.34 views

CVE-2026-42382 WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Audrey = 1.5 versions...

8.1CVSS0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.37 views

CVE-2026-27060 WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.9 views

CVE-2025-69156

CVE-2025-69156 details unauthenticated Cross Site Scripting in the WordPress Kids Zone – Children WordPress Theme, affected Versions

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:14 a.m.6 views

EUVD-2025-210407

Unauthenticated Cross Site Scripting XSS in Fitness Zone WordPress Theme = 5.7 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.12 views

CVE-2025-69155

CVE-2025-69155 affects the Fitness Zone WordPress Theme up to version 5.7. It is described as an unauthenticated Cross Site Scripting (XSS) vulnerability in the theme, with CVSS v3.1 base score 7.1 (HIGH). Attack vector: NETWORK; Attack complexity: LOW; Privileges required: NONE; User interaction...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.31 views

CVE-2025-69153 WordPress Trendy Travel theme <= 6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Trendy Travel = 6.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 10:16 a.m.7 views

CVE-2026-14029

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00441EPSS
Exploits0References10
NVD
NVD
added 2026/07/02 10:16 a.m.8 views

CVE-2026-13459

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00333EPSS
Exploits0References12
EUVD
EUVD
added 2026/07/02 8:42 a.m.7 views

EUVD-2026-41271

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.36 views

CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00263EPSS
Exploits1References8
Patchstack
Patchstack
added 2026/07/02 7:11 a.m.9 views

WordPress Ninja Forms - File Uploads plugin <= 3.3.29 - Unauthenticated Arbitrary File Read vulnerability

WordPress Ninja Forms - File Uploads plugin = 3.3.29 - Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Ninja Forms File Uploads Extension versions = 3.3.29...

7.5CVSS5.8AI score0.00522EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder