Lucene search
K

8034 matches found

Cvelist
Cvelist
added 1 hour ago1 views

CVE-2026-11616 Events Calendar for GeoDirectory <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation

The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $POST'type' and $POST'postid' values...

8.8CVSS
Exploits0References4
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-35310

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...

6.4CVSS5.7AI score
Exploits0References6
NVD
NVD
added 3 hours ago6 views

CVE-2026-8977

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...

6.4CVSS
Exploits0References5
Positive Technologies
Positive Technologies
added 8 hours ago3 views

PT-2026-47683

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninja gdpr ajax actions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...

6.4CVSS5.7AI score
Exploits0References6
OSV
OSV
added yesterday3 views

JLSEC-2026-608

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

8.8CVSS6AI score0.00024EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday11 views

WordPress CBX Bookmark & Favorite Plugin <= 2.0.4 - SQL Injection

CBX Bookmark & Favorite WordPress plugin = 2.0.4 contains a SQL injection caused by insufficient escaping of the 'orderby' parameter, letting authenticated attackers with Subscriber-level access extract sensitive database information id: CVE-2025-13652 info: name: WordPress CBX Bookmark & Favorit...

6.5CVSS5.6AI score0.03032EPSS
Exploits0References3
Amazon
Amazon
added yesterday4 views

Important: postgresql18

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

8.8CVSS6.7AI score0.0008EPSS
Exploits0
Amazon
Amazon
added yesterday4 views

Important: postgresql17

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

8.8CVSS6.6AI score0.0008EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2 days ago8 views

CVE-2026-8611

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.6AI score0.00031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2 days ago7 views

CVE-2026-7523

The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS5.5AI score0.00039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-10038

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to Arbitrary Attachment Deletion in versions up to, and including, 1.8.11.1 via the profile avatar...

4.3CVSS5.6AI score0.0004EPSS
Exploits0References1
CVE
CVE
added 3 days ago15 views

CVE-2026-8611

The Klamra Paycal for Aspaclaria WordPress plugin is vulnerable to Insecure Direct Object Reference through the invoice_id parameter in versions up to 1.1.4, caused by missing validation on a user-controlled key. Authenticated users with subscriber-level access and higher can enumerate post IDs t...

4.3CVSS5.6AI score0.00031EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-34923

The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS5.5AI score0.00039EPSS
Exploits0References9
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-34927

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to Arbitrary Attachment Deletion in versions up to, and including, 1.8.11.1 via the profile avatar...

4.3CVSS5.6AI score0.0004EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 3 days ago11 views

PT-2026-47141

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.6AI score0.00031EPSS
Exploits0References9
CVE
CVE
added 4 days ago12 views

CVE-2026-10038

The Charitable – Donation Plugin for WordPress (Charitable) up to version 1.8.11.1 is affected by an Insecure Direct Object Reference/Authorization Bypass that enables Arbitrary Attachment Deletion via the profile avatar update flow. The issue stems from save_avatar() calling wp_delete_attachment...

4.3CVSS5.6AI score0.0004EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-7523

The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS5.5AI score0.00039EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-7523 Alba Board <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'card_id' Parameter

The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS0.00039EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 4 days ago5 views

CVE-2026-7523 Alba Board <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'card_id' Parameter

The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS5.5AI score0.00039EPSS
Exploits0References8
CVE
CVE
added 4 days ago15 views

CVE-2026-7523

The CVE-2026-7523 entry concerns the Alba Board WordPress plugin (

4.3CVSS5.5AI score0.00039EPSS
Exploits0References8
Rows per page
Query Builder