Lucene search
K

13757 matches found

Nuclei
Nuclei
added 12 hours ago49 views

Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting

The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. id: CVE-2017-18500 info: name: Social Buttons Pack by BestWebSof 1.1.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-buttons-pack plugin before 1.1.1 for WordPress has...

6.1CVSS6.4AI score0.0141EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago66 views

Social Login by BestWebSoft < 0.2 - Cross-Site Scripting

The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18501 info: name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...

6.1CVSS6.4AI score0.0141EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago10 views

Social Auto Poster <= 5.3.14 - Stored Cross-Site Scripting

Social Auto Poster plugin for WordPress versions up to 5.3.14 contains a stored cross-site scripting caused by insufficient sanitization and escaping of 'mapTypes' parameter in the 'wpwautopostermapwordpressposttype' AJAX function, letting unauthenticated attackers inject and execute arbitrary...

7.2CVSS6.2AI score0.00829EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago18 views

Sassy Social Share <= 3.3.3 - Cross-Site Scripting

The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateorssssharingcount' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS6.2AI score0.1544EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago32 views

WordPress Widgets for Social Photo Feed <= 1.8 - Information Disclosure

Widgets for Social Photo Feed WordPress plugin = 1.8 contains a broken access control caused by missing capability checks on specific REST API endpoints, letting unauthenticated attackers access and modify plugin settings remotely. id: CVE-2025-14726 info: name: WordPress Widgets for Social Photo...

6.5CVSS6.1AI score0.0083EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago55 views

WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting

The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $SERVER'PHPSELF' in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path...

6.1CVSS6.4AI score0.0236EPSS
Exploits2References5
Nuclei
Nuclei
added 12 hours ago84 views

Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username...

8.1CVSS6.9AI score0.08377EPSS
Exploits3References3
Cvelist
Cvelist
added 14 hours ago12 views

CVE-2026-11563 Word Count and Social Shares <= 1.0 - Subscriber+ Arbitrary File Deletion via Path Traversal

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

Exploits0References1
Circl
Circl
added yesterday4 views

CVE-2026-58408

creationtimestamp| type| source ---|---|--- 2026-07-13 21:48:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqkoajc22s2k...

6.5CVSS6.1AI score
Exploits0References1
Circl
Circl
added yesterday5 views

CVE-2026-55771

creationtimestamp| type| source ---|---|--- 2026-07-13 21:01:04+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqkllprtr22c 2026-07-13 22:25:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqkqcx5wqd2e...

8.8CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday5 views

CVE-2026-57812

creationtimestamp| type| source ---|---|--- 2026-07-13 19:44:59+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkhdomdzp2a 2026-07-14 02:30:32+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mql5yuredv2f...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References2
Circl
Circl
added yesterday5 views

CVE-2026-59523

creationtimestamp| type| source ---|---|--- 2026-07-13 11:57:06+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjn72rpzm2d 2026-07-13 12:45:58+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjpwgtxo52e 2026-07-14 01:51:23+00:00| seen|...

6.5CVSS6.1AI score0.00266EPSS
Exploits0References3
Circl
Circl
added yesterday4 views

CVE-2026-57719

creationtimestamp| type| source ---|---|--- 2026-07-13 11:20:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjl4ur7zb2b 2026-07-13 11:23:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjlchorxn24 2026-07-13 11:29:15+00:00| seen|...

10CVSS6.1AI score0.00522EPSS
Exploits0References4
Circl
Circl
added yesterday5 views

CVE-2026-13014

creationtimestamp| type| source ---|---|--- 2026-07-13 11:08:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjkhfcdhy2v 2026-07-13 18:49:30+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkeahv4nr2e...

9.2CVSS6.1AI score0.00704EPSS
Exploits0References2
Circl
Circl
added yesterday4 views

CVE-2026-57382

creationtimestamp| type| source ---|---|--- 2026-07-13 10:59:54+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjjyrrtyy2x...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Circl
Circl
added yesterday5 views

CVE-2026-57714

creationtimestamp| type| source ---|---|--- 2026-07-13 10:56:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjjrvbgcs2g 2026-07-13 11:11:34+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjknmwz7j2a 2026-07-13 11:20:04+00:00| seen|...

9.3CVSS6.1AI score0.004EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday112 views

Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass

The WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes...

9.8CVSS7.1AI score0.46242EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday45 views

2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting

A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. id: CVE-2012-4273 info: name: 2 Click Socialmedia Buttons 0.34 - Cross-Site Scripti...

4.3CVSS6.2AI score0.0578EPSS
Exploits1References5
Circl
Circl
added yesterday6 views

CVE-2026-15525

creationtimestamp| type| source ---|---|--- 2026-07-13 03:27:16+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqiqpff55b2f 2026-07-13 03:50:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqirzi2wsg27 2026-07-13 21:03:53+00:00| seen|...

6.5CVSS6.6AI score0.00214EPSS
Exploits0References3
Circl
Circl
added yesterday6 views

CVE-2026-15520

creationtimestamp| type| source ---|---|--- 2026-07-13 02:27:47+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqinf24bau2a 2026-07-13 03:54:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqisa6y6cx2q...

5.3CVSS6.2AI score0.00136EPSS
Exploits0References2
Rows per page
Query Builder