Lucene search
K

4 matches found

NVD
NVD
added 2026/06/10 8:16 a.m.17 views

CVE-2026-9019

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachmenturl' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00195EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 6:48 a.m.9 views

EUVD-2026-35993

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachmenturl' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.6AI score0.00195EPSS
Exploits0References6
CVE
CVE
added 2026/04/11 7:40 a.m.12 views

CVE-2026-5809

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to 3.0.2. The flaw stems from topic_add() and topic_edit() accepting arbitrary user data in $_REQUEST and storing it as postmeta without restricting which fields may be arrays. Since data[body][fileurl] ...

7.1CVSS5.9AI score0.00499EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/01/07 6:36 a.m.2 views

CVE-2025-13371 Money Space <= 2.13.9 - Unauthenticated Sensitive Information Exposure

The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the plugin storing full payment card details PAN, card holder name, expiry month/year, and CVV in WordPress postmeta using base64encode, and then...

8.6CVSS5.8AI score0.00372EPSS
Exploits0References5
Rows per page
Query Builder