Lucene search
K

3771 matches found

CVE
CVE
added 1 hour ago3 views

CVE-2026-9235

The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...

4.3CVSS
Exploits0References5
CVE
CVE
added 1 hour ago3 views

CVE-2026-14372

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS
Exploits0References13
CVE
CVE
added 1 hour ago3 views

CVE-2026-4298

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS
Exploits0References6
CVE
CVE
added 1 hour ago4 views

CVE-2026-9240

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS
Exploits0References5
CVE
CVE
added 3 hours ago5 views

CVE-2026-11359

The CVE-2026-11359 entry relates to the Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress. Affected versions up to 3.4 are vulnerable due to missing capability checks and nonce validation in the pg_install_profilegrid() AJAX handler (wp_ajax_...

4.3CVSS5.9AI score
Exploits0References5
CVE
CVE
added 4 hours ago8 views

CVE-2026-8996

The CVE-2026-8996 entry describes a Sensitive Information Exposure in the WordPress plugin “Backup and Staging by WP Time Capsule” up to version 1.22.26. The flaw is exposed via download_recent_decrypted_file_wptc, enabling authenticated users with subscriber-level access (or higher) to obtain th...

6.5CVSS5.8AI score
Exploits0References8
ATTACKERKB
ATTACKERKB
added 6 hours ago3 views

CVE-2026-5523

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS5.9AI score
Exploits0References3
Nuclei
Nuclei
added yesterday16 views

WordPress CBX Bookmark & Favorite Plugin <= 2.0.4 - SQL Injection

CBX Bookmark & Favorite WordPress plugin = 2.0.4 contains a SQL injection caused by insufficient escaping of the 'orderby' parameter, letting authenticated attackers with Subscriber-level access extract sensitive database information id: CVE-2025-13652 info: name: WordPress CBX Bookmark & Favorit...

6.5CVSS6AI score0.01077EPSS
Exploits0References3
NVD
NVD
added 2 days ago8 views

CVE-2026-10834

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42010

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

6AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 3 days ago8 views

CVE-2024-6228

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...

7.5CVSS0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-11766 Ultimate Member < 2.12.0 - Subscriber+ Stored XSS via Custom Textarea Profile Fields

The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, includin...

0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago34 views

CVE-2024-6228 WANotifier < 2.6 - Subscriber+ LFI

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...

0.00318EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2024-6228

The CVE-2024-6228 vulnerability affects the Notifications for Forms & WordPress Actions WordPress plugin (before version 2.6). It occurs because the plugin does not validate a user-supplied value when building a server-side file inclusion path, enabling authenticated users with subscriber-level a...

7.5CVSS6.2AI score0.00318EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago4 views

EUVD-2024-55649

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...

7.5CVSS6.2AI score0.00318EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2024-6228

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...

7.5CVSS6.2AI score0.00318EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-11766

The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, includin...

8CVSS6AI score0.00247EPSS
Exploits0References1
NVD
NVD
added 6 days ago6 views

CVE-2026-8489

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aboutme' parameter in all versions up to, and including, 2.11.4 due to insufficient input sanitization and...

6.4CVSS0.00241EPSS
Exploits0References11
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-9626 JSON API User <= 4.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'content' Parameter

The JSON API User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content' parameter of the postcomment API endpoint in versions up to, and including, 4.1.0 This is due to insufficient input sanitization in the postcomment function, which passes the attacker-controlled...

6.4CVSS0.00228EPSS
Exploits0References6
CVE
CVE
added 6 days ago20 views

CVE-2026-8489

The CVE-2026-8489 case involves the WordPress plugin Ultimate Member (User Profile, Registration, Login, etc.). Affected: all versions up to 2.11.4. Vulnerability: Stored Cross-Site Scripting via the about_me field in user profiles, caused by insufficient input sanitization and output escaping. I...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References11
Rows per page
Query Builder