Lucene search
K

347 matches found

NVD
NVD
added 10 hours ago6 views

CVE-2026-12435

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS
Exploits0References8
Cvelist
Cvelist
added 11 hours ago6 views

CVE-2026-12435 Motors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' Parameter

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS
Exploits0References8
CVE
CVE
added 11 hours ago8 views

CVE-2026-12435

The Motors – Car Dealership & Classified Listings Plugin for WordPress is affected up to version 1.4.111 by an authorization bypass. An authenticated user with subscriber-level access can mark or unmark another user’s car listing as Sold by replaying a valid nonce from their own listing against a...

4.3CVSS5.9AI score
Exploits0References8
EUVD
EUVD
added 11 hours ago6 views

EUVD-2026-40935

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score
Exploits0References8
Patchstack
Patchstack
added yesterday5 views

WordPress Motors – Car Dealership & Classified Listings Plugin plugin <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Meta Modification vulnerability discovered by Michael Perla vizen5 - clixhouse in WordPress Plugin Motors versions = 1.4.111...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
NVD
NVD
added yesterday9 views

CVE-2026-12560

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.0024EPSS
Exploits0References9
EUVD
EUVD
added yesterday4 views

EUVD-2026-40251

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.9AI score0.0024EPSS
Exploits0References9
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-39968

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References4
CVE
CVE
added 4 days ago15 views

CVE-2026-8095

CVE-2026-8095 — The Frontend File Manager Plugin for WordPress (up to version 23.6) is vulnerable to Authenticated Arbitrary File Deletion. A case-sensitive bypass of the wpfm_dir_path parameter sanitization in the wpfm_file_meta_update AJAX handler allows an attacker to overwrite the stored file...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-39955

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panelsdata Parameter in all versions up to, and including, 2.34.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00241EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-13335 CodePeople Post Map for Google Maps <= 1.2.6 - Authenticated (Contributor +) Stored Cross-Site Scripting via 'cpm_point' Post Meta

The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpmpoint' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.0021EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-13335

The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpmpoint' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.0021EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/06/22 8:45 a.m.9 views

WordPress Motors Car Dealership & Classified Listings plugin < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media vulnerability

Unauthenticated Post-Meta Write via stmajaxaddacarmedia vulnerability discovered by Mustafa Ahmed in WordPress Plugin Motors versions 1.4.110...

5.3CVSS5.8AI score0.00117EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.9 views

CVE-2026-9019

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachmenturl' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.6AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.11 views

CVE-2026-8365

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksymeta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksysanitizepostmetaoptions...

8.8CVSS5.8AI score0.00849EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 8:16 a.m.17 views

CVE-2026-9019

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachmenturl' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00195EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 7:50 a.m.12 views

EUVD-2026-35995

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

4.4CVSS5.7AI score0.00201EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/10 7:50 a.m.36 views

CVE-2026-8853 MW WP Form <= 5.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'memo' Parameter

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

4.4CVSS0.00201EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 6:48 a.m.9 views

EUVD-2026-35993

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachmenturl' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.6AI score0.00195EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48393

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

4.4CVSS5.7AI score0.00201EPSS
Exploits0References7
Rows per page
Query Builder