Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

232 matches found

NVD
NVDadded 2 days ago5 views

CVE-2026-12137

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS0.00211EPSS
Exploits0References4
EUVD
EUVDadded 2 days ago5 views

EUVD-2026-37861

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS5.5AI score0.00211EPSS
Exploits0References4
CVE
CVEadded 2 days ago10 views

CVE-2026-12137

The CVE concerns the WordPress plugin SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager. It is vulnerable to a Reflected Cross-Site Scripting (XSS) via the tab parameter in all versions up to and including 4.3.6, caused by insufficient input sanitization...

6.1CVSS5.5AI score0.00211EPSS
Exploits0References4
Cvelist
Cvelistadded 2 days ago21 views

CVE-2026-12137 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS0.00211EPSS
Exploits0References4
NVD
NVDadded 2 days ago7 views

CVE-2026-11360

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00369EPSS
Exploits0References14
EUVD
EUVDadded 2 days ago7 views

EUVD-2026-37844

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.8AI score0.00369EPSS
Exploits0References14
Cvelist
Cvelistadded 2 days ago20 views

CVE-2026-11360 Advanced Order Export For WooCommerce <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection via 'sort_direction' Parameter

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00369EPSS
Exploits0References14
CVE
CVEadded 2 days ago11 views

CVE-2026-11360

The CVE-2026-11360 entry concerns the WordPress plugin Advanced Order Export For WooCommerce (WooCommerce), affected up to version 4.0.10. The vulnerability is a generic SQL Injection via the sort_direction parameter caused by insufficient escaping and inadequate SQL query preparation. Exploitati...

4.9CVSS5.9AI score0.00369EPSS
Exploits0References14
Patchstack
Patchstackadded 3 days ago5 views

WordPress Advanced Order Export For WooCommerce plugin <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection vulnerability

Authenticated Shop Manager+ SQL Injection vulnerability discovered by Yaswanth Reddy Sunkara in WordPress Plugin Advanced Order Export For WooCommerce versions = 4.0.10...

4.9CVSS5.9AI score0.00369EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 5 days ago4 views

EUVD-2026-36946

Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce = 1.6.19 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References2
EUVD
EUVDadded 5 days ago4 views

EUVD-2026-36945

Shop manager PHP Object Injection in YayMail = 4.3.3 versions...

7.2CVSS5.3AI score0.00359EPSS
Exploits0References2
EUVD
EUVDadded 5 days ago7 views

EUVD-2026-36924

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References2
NVD
NVDadded 5 days ago4 views

CVE-2026-39498

Shop manager PHP Object Injection in YayMail = 4.3.3 versions...

7.2CVSS0.00359EPSS
Exploits0References1
NVD
NVDadded 5 days ago4 views

CVE-2026-39499

Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce = 1.6.19 versions...

7.2CVSS0.00446EPSS
Exploits0References1
NVD
NVDadded 5 days ago4 views

CVE-2026-39470

Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery 2.1.0 versions...

7.2CVSS0.00382EPSS
Exploits0References1
NVD
NVDadded 5 days ago4 views

CVE-2026-39434

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

7.2CVSS0.00446EPSS
Exploits0References1
Cvelist
Cvelistadded 5 days ago22 views

CVE-2026-39498 WordPress YayMail plugin <= 4.3.3 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in YayMail = 4.3.3 versions...

7.2CVSS0.00359EPSS
Exploits0References1
CVE
CVEadded 5 days ago5 views

CVE-2026-39470

CVE-2026-39470 affects the WordPress plugin WooCommerce Cart Abandonment Recovery, specifically versions earlier than 2.1.0. The issue is a Privilege Escalation that allows a shop manager to gain higher privileges. The reported impact is Confidentiality, Integrity, and Availability at high severi...

7.2CVSS5.2AI score0.00382EPSS
Exploits0References1
Cvelist
Cvelistadded 5 days ago23 views

CVE-2026-39434 WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

7.2CVSS0.00446EPSS
Exploits0References1
CVE
CVEadded 5 days ago12 views

CVE-2026-39434

CVE-2026-39434 affects WordPress CTX Feed plugin (WebAppick CTX Feed) versions

7.2CVSS5.3AI score0.00446EPSS
Exploits0References1
Rows per page
Query Builder