Lucene search
K

23 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago50 views

CVE-2026-57031

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...

5.3CVSS6AI score0.00238EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.33 views

CVE-2026-57335 WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in Ads by WPQuads = 3.0.3 versions...

6.5CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 1:36 p.m.13 views

CVE-2026-57328

CVE-2026-57328 is a Subscriber XSS vulnerability in the WordPress Business Directory plugin, affecting versions

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.9 views

CVE-2026-57646

CVE-2026-57646 affects the WordPress Majestic Support plugin (versions

5.4CVSS5.8AI score0.00181EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.12 views

CVE-2026-56064

CVE-2026-56064 describes a Subscriber SQL Injection in the WordPress Tourfic plugin versions ≤ 2.22.5. The connected sources confirm the vulnerability type and affected product; no concrete exploit path, mitigation, or fixed version is provided in the supplied documents. CVSSv3.1 metrics show a b...

8.5CVSS5.8AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.51 views

CVE-2026-56032 WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Buddyboss Platform = 3.0.4 versions...

9.8CVSS0.00525EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.29 views

CVE-2026-56005 WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in WP Activity Log = 5.6.3.1 versions...

7.1CVSS0.0023EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.32 views

CVE-2026-45436 WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability

Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...

6.5CVSS0.00304EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.15 views

CVE-2025-60223

CVE-2025-60223 affects the WordPress plugin WPBot Pro Wordpress Chatbot (versions

7.7CVSS5.2AI score0.0045EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 9:31 a.m.11 views

EUVD-2026-37061

The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfbhidereview and wprpsavereviewadmin AJAX handlers combined with insufficient path validation in the wpfbhidereviewaj...

8.1CVSS6.4AI score0.00501EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.8 views

CVE-2026-48964 WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injection vulnerability

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...

8.5CVSS5.7AI score0.00332EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.16 views

CVE-2026-40794

The CVE concerns WordPress plugin myCred ≤ 3.0.3 with a Broken Access Control vulnerability. Affected software: WordPress plugin myCred (versions up to 3.0.3). The provided sources identify the issue but do not disclose the exact root cause, affected functions/files, or concrete impact details be...

6.5CVSS5.1AI score0.00279EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.14 views

CVE-2026-40788

CVE-2026-40788 affects WordPress ChatBot plugin versions

7.1CVSS5.1AI score0.00307EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.30 views

CVE-2026-40788 WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerability

Subscriber Broken Access Control in ChatBot = 7.9.7 versions...

7.1CVSS0.00307EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 8:55 p.m.23 views

CVE-2026-33904 Ella Core has a Denial of Service via SCTP connection cleanup deadlock

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...

6.5CVSS0.00165EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/18 12:22 p.m.5 views

CVE-2025-13110 HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr'

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woofaddsubscr" function due to missing validation on a user controlled key. This makes it possible for authenticat...

4.3CVSS5.4AI score0.003EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 5:34 a.m.4 views

CVE-2023-0336

The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment...

6.5CVSS7AI score0.01003EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:31 a.m.5 views

CVE-2023-1169

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...

4.3CVSS7.1AI score0.00573EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/14 12:31 a.m.7 views

WordPress Order Attachments for WooCommerce plugin 2.0 - 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary File Upload vulnerability

WordPress Order Attachments for WooCommerce plugin 2.0 - 2.4.1 - Missing Authorization to Authenticated Subscriber+ Limited Arbitrary File Upload vulnerability discovered by luckynoob in WordPress Plugin Order Attachments for WooCommerce versions 2.0 - 2.4.1...

4.3CVSS7AI score0.00852EPSS
Exploits1References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/01/18 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-24164

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wpajaxnfoauth, and retrieve the connection url needed to establish a connection. They could also retrieve the clientid for an already established OAuth...

4.3CVSS5.8AI score0.00889EPSS
Exploits2References1
Rows per page
Query Builder