Lucene search
K

1136 matches found

Nuclei
Nuclei
added 11 hours ago63 views

WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting

WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled. id:...

6.1CVSS6.4AI score0.01421EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago22 views

Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'planicons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4CVSS6.2AI score0.00598EPSS
Exploits0References3
Nuclei
Nuclei
added 11 hours ago30 views

WP Pricing Table - Reflected XSS

WP Pricing Table WordPress plugin = 1.1 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft malicious URL. id: CVE-2024-13628 info: name: WP Pricing Table -...

6.1CVSS7AI score0.00641EPSS
Exploits1References1
Nuclei
Nuclei
added 11 hours ago65 views

WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection

WordPress Pricing Deals for WooCommerce plugin through 2.0.2.02 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or...

9.8CVSS7.1AI score0.07942EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday70 views

AP Pricing Tables Lite <= 1.1.6 - SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. id: CVE-2023-0900 info: name: AP Pricing Tables Lite = 1.1.6 - SQL Injection author: r3Y3r53 severity: high description: ...

7.2CVSS7AI score0.03229EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday65 views

WordPress ARPrice <3.6.1 - SQL Injection

WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or...

9.8CVSS7.2AI score0.13256EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2 days ago8 views

Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

A new phishing-as-a-service PhaaS operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle AitM tactics, antibot evasion, artificial intelligence AI-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed...

6.1AI score
Exploits0
NVD
NVD
added 2026/06/19 6:17 a.m.12 views

CVE-2026-9822

The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data...

6.5CVSS0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 6:0 a.m.13 views

EUVD-2026-37994

The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data...

5.8AI score0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 6:0 a.m.24 views

CVE-2026-9822

The CVE-2026-9822 entry concerns the WP Hotel Booking WordPress plugin prior to version 2.3.1. Root cause: missing capability checks in several AJAX handlers. Impact: authenticated users with Subscriber-level access can read other users’ booking line items, enumerate active coupons, and read pric...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 6:0 a.m.34 views

CVE-2026-9822 WP Hotel Booking < 2.3.1 - Subscriber+ Missing Authorization in Multiple AJAX Handlers

The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data...

0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 6:0 a.m.6 views

CVE-2026-9822

The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data...

5.8AI score0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50848

Name of the Vulnerable Software and Affected Versions WP Hotel Booking versions prior to 2.3.1 Description Several AJAX handlers do not enforce capability checks, which allows authenticated users with Subscriber-level access to read booking line items of other users, enumerate active coupons, and...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References7
HackRead
HackRead
added 2026/06/17 10:52 a.m.25 views

ESET MDR vs Sophos MDR: Compared Time to discover and respond to a threat

A detailed ESET MDR vs Sophos MDR comparison covering tiers, response speed, coverage, threat intelligence, pricing, and breach warranties to help you choose...

5.3AI score
Exploits0
EUVD
EUVD
added 2026/06/13 5:36 p.m.16 views

EUVD-2026-36653

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability CWE-287 in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...

9.8CVSS5.7AI score0.00548EPSS
Exploits0References4
OSV
OSV
added 2026/06/05 8:33 p.m.8 views

GHSA-H4MP-G9C6-XWPH Shopper: Missing authorization on Product admin Livewire sub-form components

Impact Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO metadata, shipping dimensions, and attached media witho...

6.5CVSS5.6AI score0.00221EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/05 8:33 p.m.12 views

EUVD-2026-33408

Shopper: Missing authorization on Product admin Livewire sub-form components...

6.5CVSS5.4AI score0.00221EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.10 views

CVE-2026-37592

Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/managepricing.php...

2.7CVSS5.6AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.13 views

CVE-2026-1852

The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...

6.1CVSS5.5AI score0.00126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.12 views

CVE-2026-9241

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...

4.3CVSS5.4AI score0.00213EPSS
Exploits0References1
Rows per page
Query Builder