Lucene search
K

20007 matches found

Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-57426 WordPress Modula - PRO plugin <= 2.10.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Modula - PRO = 2.10.8 versions...

7.1CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 6 days ago11 views

CVE-2026-57426

The provided data identifies an Unauthenticated Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Modula – PRO , versions ≤ 2.10.8. Affected component is the Modula – PRO plugin for WordPress. The entry does not specify the root cause, affected files/functions, or the exact payload...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
NVD
NVD
added 6 days ago6 views

CVE-2026-9145

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the createentryel function in versions up to, and including, 1.5.1. The function reads rawvalue from Elementor Pro's FormRecord object for upload-type fields and passes it...

6.5CVSS0.00372EPSS
Exploits0References5
NVD
NVD
added 6 days ago9 views

CVE-2026-8441

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprploadmorerevs AJAX action in versions up to, and including, 12.7.2. The parameter is read via $POST'notinstring' and passed through sanitizetextfield — which strips HTML and...

7.5CVSS0.00374EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41274

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprploadmorerevs AJAX action in versions up to, and including, 12.7.2. The parameter is read via $POST'notinstring' and passed through sanitizetextfield — which strips HTML and...

7.5CVSS6AI score0.00374EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41273

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the createentryel function in versions up to, and including, 1.5.1. The function reads rawvalue from Elementor Pro's FormRecord object for upload-type fields and passes it...

6.5CVSS6AI score0.00372EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-9145 Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Copy/Upload via Elementor Pro Form Upload Field 'raw_value'

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the createentryel function in versions up to, and including, 1.5.1. The function reads rawvalue from Elementor Pro's FormRecord object for upload-type fields and passes it...

6.5CVSS0.00372EPSS
Exploits0References5
CVE
CVE
added 6 days ago18 views

CVE-2026-9145

The CVE-2026-9145 entry describes an Arbitrary File Copy vulnerability in the Database for Contact Form 7, WPforms, and Elementor forms plugin for WordPress (≤ 1.5.1). The flaw is in the Contact Form Entries handler, which uses the raw_value from Elementor Pro’s Form_Record for upload-type fields...

6.5CVSS6AI score0.00372EPSS
Exploits0References5
Patchstack
Patchstack
added 6 days ago5 views

WordPress SportsPress Pro plugin <= 2.7.29 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by w41bu1 in WordPress Plugin SportsPress Pro versions = 2.7.29...

7.5CVSS5.8AI score0.00278EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago7 views

WordPress WP Review Slider Pro plugin <= 12.7.2 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.7.2...

7.5CVSS5.8AI score0.00374EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 6 days ago39 views

CVE-2026-10077 YOOtheme Pro < 5.0.35 - Author+ Stored XSS via UIkit Data Attributes

The yootheme WordPress theme before 5.0.35 does not prevent its bundled front-end framework from treating certain HTML attributes, which are permitted by wpksespost, as markup, allowing users with the Author role to perform Stored Cross-Site Scripting attacks that execute in the browser of any us...

0.00235EPSS
Exploits0References1
CVE
CVE
added 6 days ago17 views

CVE-2026-10077

The affected product is the YOOtheme WordPress theme (prior to 5.0.35). The issue arises in the bundled front-end framework that can treat certain HTML attributes, allowed by wp_kses_post(), as markup, enabling Stored XSS when a user with the Author role views a post. The root cause is improper h...

6.8CVSS5.8AI score0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55037

Name of the Vulnerable Software and Affected Versions SportsPress Pro versions 2.7.29 and earlier Description A Local File Inclusion LFI issue exists where users with Contributor privileges can read local files on the server. Local File Inclusion is a vulnerability that allows an attacker to indu...

7.5CVSS5.9AI score0.00278EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-54951

Name of the Vulnerable Software and Affected Versions Database for Contact Form 7, WPforms, Elementor forms versions prior to 1.5.2 Description An arbitrary file copy issue exists in the create entry el function. The function retrieves the raw value from the Elementor Pro Form Record object for...

6.5CVSS6AI score0.00372EPSS
Exploits0References7
NVD
NVD
added 2026/07/01 8:16 a.m.7 views

CVE-2026-12224

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS0.00246EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 6:51 a.m.7 views

EUVD-2026-40928

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS5.7AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 6:51 a.m.35 views

CVE-2026-12224 Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 6:51 a.m.17 views

CVE-2026-12224

The CVE-2026-12224 entry concerns the Dokan Pro plugin for WordPress. The vulnerability arises in the update_capabilities REST endpoint, which accepts arbitrary capability strings from the request body and passes them to WP_User::add_cap() without allowlist validation, with only the caller’s doka...

8.8CVSS5.7AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 2:30 p.m.12 views

CVE-2026-48192

CVE-2026-48192 affects Mendix Studio Pro across multiple versions (10.x and 11.x) with a flaw where built project files are not properly validated/sanitized during the build pipeline. An attacker could trick a user into opening and running a specially crafted malicious project locally, potentiall...

6.8CVSS6.1AI score0.00193EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/30 9:17 a.m.7 views

WordPress EventON (Pro) - WordPress Virtual Event Calendar Plugin plugin <= 5.0.11 - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection vulnerability

WordPress EventON Pro - WordPress Virtual Event Calendar Plugin plugin = 5.0.11 - WordPress Virtual Event Calendar Plugin = 5.0.11 - Unauthenticated Blind SQL Injection vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin EventON versions = 5.0.11...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder