Lucene search
K

19502 matches found

Nuclei
Nuclei
added 10 hours ago78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago185 views

Sharp Multifunction Printers - Directory Listing

It was observed that Sharp printers are vulnerable to an arbitrary directory listing without authentication. Any attacker can list any directory located in the printer and recover any file. id: CVE-2024-33605 info: name: Sharp Multifunction Printers - Directory Listing author: gy741 severity: hig...

7.5CVSS7.1AI score0.06226EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago22 views

WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. id: CVE-2026-49777 info: name: WordPress Product Slider Pro f...

10CVSS6.1AI score0.01656EPSS
Exploits3References3
Nuclei
Nuclei
added 10 hours ago15 views

Oracle iPlanet Web Server 7.0.x - Image Injection

Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...

7.5CVSS6.6AI score0.81814EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago20 views

WCAPF WooCommerce Ajax Product Filter - SQL Injection

WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...

7.5CVSS6.1AI score0.01473EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago13 views

MyStyle Custom Product Designer <= 3.21.1 - SQL Injection

The MyStyle Custom Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.21.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

9.3CVSS6.1AI score0.01308EPSS
Exploits0References1
Nuclei
Nuclei
added 10 hours ago34 views

Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update

YIKES Inc. Custom Product Tabs for WooCommerce plugin \u003C= 1.7.7 contains a broken access control caused by improper permission checks in &yikes-the-content-toggle option update, letting attackers modify content without authorization. id: CVE-2022-28666 info: name: Custom Product Tabs for...

5.3CVSS6.2AI score0.01226EPSS
Exploits1References1
Nuclei
Nuclei
added 10 hours ago19 views

WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting

The Product Addons & Fields for WooCommerce WordPress plugin before version 32.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape some URL parameters in the admin panel, which could allow attackers to execute arbitrary JavaScript code in ...

6.1CVSS7AI score0.00952EPSS
Exploits2References2
Nuclei
Nuclei
added 10 hours ago67 views

Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection

SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. id: CVE-2018-6605 info: name: Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection author: DhiyaneshDk severity...

9.8CVSS7AI score0.58324EPSS
Exploits5References3
Nuclei
Nuclei
added 10 hours ago205 views

WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting

WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials an...

6.1CVSS6.4AI score0.01555EPSS
Exploits1References4
NVD
NVD
added yesterday5 views

CVE-2026-57805

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Tonda tonda allows PHP Local File Inclusion.This issue affects Tonda: from n/a through = 2.5...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57422

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme Bopo – WooCommerce Product Bundle Builder bopo-woo-product-bundle-builder allows Reflected XSS.This issue affects Bopo – WooCommerce Product Bundle Builder: from n/a through = 1.2.0...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57409

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.1.0...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57377

Missing Authorization vulnerability in WPXPO WowAddons product-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowAddons: from n/a through = 1.6.8...

6.5CVSS0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-57422 WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme Bopo – WooCommerce Product Bundle Builder bopo-woo-product-bundle-builder allows Reflected XSS.This issue affects Bopo – WooCommerce Product Bundle Builder: from n/a through = 1.2.0...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-57422

CVE-2026-57422 concerns a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Bopo – WooCommerce Product Bundle Builder (bopo-woo-product-bundle-builder). The issue arises from improper input neutralization during web page generation, allowing an attacker to inject script v...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday19 views

CVE-2026-57390 WordPress Extra Product Options Builder for WooCommerce plugin <= 1.2.167 - Broken Access Control vulnerability

Missing Authorization vulnerability in EDGARROJAS Extra Product Options Builder for WooCommerce additional-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extra Product Options Builder for WooCommerce: from n/a through =...

6.5CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-57390

The CVE concerns the WordPress plugin “Extra Product Options Builder for WooCommerce” (also listed as additional-product-fields-for-woocommerce). A Missing Authorization/Broken Access Control vulnerability affects the plugin in versions up to and including 1.2.167, enabling exploitation due to in...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday22 views

CVE-2026-57377 WordPress WowAddons plugin <= 1.6.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPXPO WowAddons product-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowAddons: from n/a through = 1.6.8...

6.5CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-57377

CVE-2026-57377 describes a missing authorization vulnerability in the WordPress WowAddons plugin (product-addons) affecting versions up to 1.6.8. The underlying issue is broken access control, i.e., incorrectly configured access control security levels, which can allow unauthorized actions. The v...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References1
Rows per page
Query Builder