
20 matches found

EUVD
added 2026/05/27 5:31 a.m. · 5 views

EUVD-2026-32060

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3 CVSS · 5.7 AI score · 0.00013 EPSS
Exploits: 0 · References: 3

ATTACKERKB
added 2026/05/27 5:31 a.m. · 5 views

CVE-2026-8938

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3 CVSS · 5.7 AI score · 0.00013 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2026/05/27 5:31 a.m. · 3 views

CVE-2026-8938 auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3 CVSS · 5.7 AI score · 0.00013 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2026/05/27 12:0 a.m. · 6 views

PT-2026-43534

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJL certification function. This makes it possible for unauthenticated attackers to update the plugin'...

4.3 CVSS · 5.7 AI score · 0.00013 EPSS
Exploits: 0 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-33761

Malicious code in bioql PyPI...

9.8 CVSS · 9.1 AI score · 0.00488 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 3:44 a.m. · 4 views

CVE-2023-3076

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features...

9.8 CVSS · 6.6 AI score · 0.30393 EPSS
Exploits: 2 · References: 1

OSV
added 2023/07/10 4:15 p.m. · 1 views

CVE-2023-3077

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...

9.8 CVSS · 7.2 AI score
Exploits: 0 · References: 1

NVD
added 2023/07/10 4:15 p.m. · 11 views

CVE-2023-3076

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features...

9.8 CVSS · 9.4 AI score · 0.30393 EPSS
Exploits: 2 · References: 1

OSV
added 2023/07/10 4:15 p.m. · 1 views

CVE-2023-3076

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features...

9.8 CVSS · 7.2 AI score · 0.30393 EPSS
Exploits: 2 · References: 1

Prion
added 2023/07/10 4:15 p.m. · 17 views

Code injection

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features...

7.5 CVSS · 9.4 AI score · 0.30393 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2023/07/10 12:40 p.m. · 14 views

CVE-2023-3076 MStore API < 3.9.9 - Unauthenticated Privilege Escalation

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features...

9.6 AI score · 0.30393 EPSS
Exploits: 2 · References: 1

WPVulnDB
added 2023/06/19 12:0 a.m. · 16 views

MStore API < 3.9.9 - Unauthenticated Privilege Escalation

The plugin does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features. PoC 1 Simulate the site has a valid Pro API key by running the following in WP...

9.8 CVSS · 8.8 AI score · 0.30393 EPSS
Exploits: 2 · Affected Software: 1

WPVulnDB
added 2023/06/19 12:0 a.m. · 22 views

MStore API < 3.9.8 - Unauthenticated Blind SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointment...

9.8 CVSS · 9.8 AI score · 0.68111 EPSS
Exploits: 2 · Affected Software: 1

OSV
added 2022/05/06 6:15 p.m. · 1 views

CVE-2022-29423

Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 2

NVD
added 2022/05/06 6:15 p.m. · 12 views

CVE-2022-29423

Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress...

9.8 CVSS · 0.00488 EPSS
Exploits: 0 · References: 2

Cvelist
added 2022/05/06 5:40 p.m. · 11 views

CVE-2022-29423 WordPress Countdown & Clock plugin <= 2.3.2 - Pro Features Lock Bypass vulnerability

Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress...

3.8 CVSS · 9.6 AI score · 0.00488 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2022/05/06 5:40 p.m. · 5 views

CVE-2022-29423 WordPress Countdown & Clock plugin <= 2.3.2 - Pro Features Lock Bypass vulnerability

Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress...

3.8 CVSS · 5.6 AI score · 0.00488 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2022/05/06 12:0 a.m. · 2 views

PT-2022-19596 · WordPress · Countdown & Clock

Name of the Vulnerable Software and Affected Versions: Countdown & Clock plugin versions prior to 2.3.3 Description: A Pro Features Lock Bypass issue affects the Countdown & Clock plugin at WordPress. The issue allows bypassing of pro features locks. Recommendations: For versions prior to 2.3.3,...

9.8 CVSS · 9.4 AI score · 0.00488 EPSS
Exploits: 0 · References: 5

ATTACKERKB
added 2022/04/28 12:59 p.m. · 1 views

CVE-2022-29423

Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress...

9.8 CVSS · 8.6 AI score · 0.00488 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

exploitpack
added 2019/09/04 12:0 a.m. · 36 views

WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting

WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting Exploit Title: WordPress Download Manager Cross-site Scripting Discovery Date: 2019-04-13 Exploit Author: ThuraMoeMyint Author Link: https://twitter.com/mgthuramoemyint Vendor Homepage: https://www.wpdownloadmanager.com Software Link...

4.3 CVSS · 6.1 AI score · 0.04462 EPSS
Exploits: 6