Lucene search
+L

2845 matches found

nuclei
nuclei
added 9 hours ago25 views

Rating by BestWebSoft < 0.2 - Cross-Site Scripting

The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18530 info: name: Rating by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. impact: |...

6.1CVSS6.4AI score0.01384EPSS
Exploits1References4
nvd
nvd
added 3 days ago4 views

CVE-2026-57771

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through = 3.7...

8.5CVSS0.00253EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago29 views

CVE-2026-57771 WordPress GD Rating System plugin <= 3.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through = 3.7...

8.5CVSS0.00253EPSS
Exploits0References1
cve
cve
added 3 days ago16 views

CVE-2026-57771

CVE-2026-57771 concerns the WordPress plugin for Milan Petrovic’s GD Rating System. Connected sources confirm the vulnerability as a SQL Injection flaw in the GD Rating System plugin, affecting versions up to 3.7 (&lt;=3.7). The root cause is improper neutralization of inputs used in SQL commands...

8.5CVSS6.1AI score0.00253EPSS
Exploits0References1
patchstack
patchstack
added 2026/07/02 12:6 p.m.6 views

WordPress GD Rating System plugin <= 3.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by VanTastic in WordPress Plugin GD Rating System versions = 3.7...

8.5CVSS6AI score0.00253EPSS
Exploits0Affected Software1
nvd
nvd
added 2026/06/30 6:16 a.m.12 views

CVE-2026-12560

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.0024EPSS
Exploits0References9
attackerkb
attackerkb
added 2026/06/30 4:30 a.m.7 views

CVE-2026-12560

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.9AI score0.0024EPSS
Exploits0References10
euvd
euvd
added 2026/06/30 4:30 a.m.9 views

EUVD-2026-40251

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.9AI score0.0024EPSS
Exploits0References9
cve
cve
added 2026/06/30 4:30 a.m.19 views

CVE-2026-12560

The Editorial Rating – Product Review & Rating System plugin for WordPress (versions up to 4.0.5) is vulnerable to Stored Cross-Site Scripting via the Link URL field due to insufficient input sanitization and output escaping. Authenticated attackers with administrator-level access can store a pay...

4.4CVSS5.9AI score0.0024EPSS
Exploits0References9
opensuse
opensuse
added 2026/06/30 12:0 a.m.5 views

Security update for distribution (important)

openSUSE security update: security update for distribution ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21084-1 Rating: important References: bsc1265429 bsc1265788 bsc1266049 bsc1266629 Cross-References: CVE-2026-33814 CVE-2026-39821 CVE-2026-398...

9.1CVSS6.5AI score0.00781EPSS
Exploits1References4
patchstack
patchstack
added 2026/06/29 4:17 p.m.6 views

WordPress Editorial Rating – Product Review & Rating System plugin <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin Editorial Rating – Product Review & Rating System versions = 4.0.5...

4.4CVSS5.8AI score0.0024EPSS
Exploits0References1Affected Software1
rocky
rocky
added 2026/06/25 12:3 p.m.9 views

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

9.8CVSS6.8AI score0.00459EPSS
Exploits11
cve
cve
added 2026/06/24 5:33 a.m.13 views

CVE-2026-9619

CVE-2026-9619 affects the Reviews and Rating – Docplanner WordPress plugin, vulnerable in all versions up to 1.1.4 due to insufficient authorization checks for an action (sync_reviews AJAX). This allows authenticated users with subscriber-level access and above to trigger outbound scraping, write...

4.3CVSS5.7AI score0.00307EPSS
Exploits0References6
cvelist
cvelist
added 2026/06/24 5:33 a.m.37 views

CVE-2026-9619 Reviews and Rating <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via sync_reviews AJAX Action

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00307EPSS
Exploits0References6
patchstack
patchstack
added 2026/06/23 4:40 p.m.5 views

WordPress Reviews and Rating – Docplanner plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Modification vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Reviews and Rating – Docplanner versions = 1.1.4...

4.3CVSS5.8AI score0.00307EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/06/15 9:16 p.m.10 views

CVE-2026-42639

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

9.3CVSS0.00283EPSS
Exploits0References1
cve
cve
added 2026/06/15 8:18 p.m.13 views

CVE-2026-42639

CVE-2026-42639 concerns the WordPress plugin GD Rating System (versions

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/15 8:18 p.m.31 views

CVE-2026-42639 WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

9.3CVSS0.00283EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:18 p.m.8 views

CVE-2026-42639 WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
euvd
euvd
added 2026/06/15 8:18 p.m.9 views

EUVD-2026-36815

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
Rows per page
Query Builder