6 matches found

Cvelist
added 2025/11/01 6:40 a.m., 8 views

CVE-2025-11499 Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfeaturedimagefromexternalurl function in all versions up to, and including, 1.1.32. This makes it possible f...

CVSS 9.8, EPSS 0.0057
Exploits: 0, References: 3

Cvelist
added 2024/10/26 1:58 a.m., 18 views

CVE-2024-9626 Editorial Assistant by Sovrn <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachment Upload and Set Post Featured Image

The Editorial Assistant by Sovrn plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxzemantasetfeaturedimage' function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-lev...

CVSS 4.3, EPSS 0.00133
Exploits: 0, References: 2

Vulnrichment
added 2024/10/26 1:58 a.m., 8 views

CVE-2024-9626 Editorial Assistant by Sovrn <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachment Upload and Set Post Featured Image

The Editorial Assistant by Sovrn plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxzemantasetfeaturedimage' function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-lev...

CVSS 4.3, AI score 6.5, EPSS 0.00133
Exploits: 0, References: 2

OSV
added 2024/07/09 6:15 a.m., 3 views

CVE-2024-5441

The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfeaturedimage function in all versions up to, and including, 7.11.0. This makes it possible for authenticated attackers, with subscriber access and above, to uploa...

CVSS 8.8, AI score 6.5, EPSS 0.19691
Exploits: 0, References: 2

VulnCheck KEV
added 2024/07/08 12:0 a.m., 3 views

VulnCheck KEV: CVE-2024-5441

The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfeaturedimage function in all versions up to, and including, 7.11.0. This makes it possible for authenticated attackers, with subscriber access and above, to...

CVSS 8.8, AI score 5.9, EPSS 0.19691
Exploits: 0, References: 1

Positive Technologies
added 2023/06/09 12:0 a.m., 4 views

PT-2023-21275 · WordPress · Draw Attention

Name of the Vulnerable Software and Affected Versions: Draw Attention plugin for WordPress versions up to, and including, 2.0.11

Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data by changing the featured image of arbitrary posts using...

CVSS 4.3, AI score 5.4, EPSS 0.00132
Exploits: 0, References: 6