Lucene search
K

8 matches found

CVE
CVE
added 12 hours ago10 views

CVE-2026-12738

CVE-2026-12738 affects WP Easy Pay

4.3CVSS6.1AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/11/13 11:7 a.m.4 views

CVE-2025-11454

The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eosscfmduplicatepostasdraft function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS6.5AI score0.00312EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/12 11:5 a.m.3 views

EUVD-2025-124905

The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eosscfmduplicatepostasdraft function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS6AI score0.00312EPSS
Exploits0References3
wpexploit
wpexploit
added 2024/03/07 12:0 a.m.173 views

Pz-LinkCard < 2.5.3 - Contributor+ SSRF

Description The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. Setup a listener on a localhost/LAN host such as nc -l 127.0.0.1 9000, then as a contributor, put the followi...

9.4AI score0.00263EPSS
Exploits2References1
OSV
OSV
added 2024/02/29 1:43 a.m.4 views

CVE-2024-1318

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzywizardstepprocess' and 'importstatus' functions in all versions up to, and...

6.5CVSS7.4AI score0.00518EPSS
Exploits0References4
wpexploit
wpexploit
added 2024/01/08 12:0 a.m.167 views

PageLayer < 1.8.0 - Author+ Stored XSS

Description The plugin doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfilteredhtml is disallowed, such as in multi-site WordPress configurations. - As a user with Author+ capabilities, create a new pos...

4.8CVSS6.7AI score0.00377EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.154 views

PageLayer < 1.7.8 - Author+ Stored XSS

Description The plugin doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. - As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to the...

5.4CVSS5.6AI score0.00415EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/09/25 12:0 a.m.8 views

PageLayer < 1.7.8 - Author+ Stored XSS

Description The plugin doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. PoC - As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to...

5.4CVSS5.6AI score0.00415EPSS
Exploits2Affected Software1
Rows per page
Query Builder