8466 matches found

NVD
added 1 hour ago, 4 views

CVE-2026-57332

Subscriber Broken Access Control in Wallet System for WooCommerce = 2.7.6 versions...

CVSS 7.1
Exploits: 0, References: 1
NVD
added 1 hour ago, 4 views

CVE-2026-57330

Subscriber Cross Site Scripting XSS in MasterStudy LMS <= 3.7.27 versions...

CVSS 6.5
Exploits: 0, References: 1
NVD
added 1 hour ago, 4 views

CVE-2026-57328

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

CVSS 6.5
Exploits: 0, References: 1
NVD
added 1 hour ago, 3 views

CVE-2026-57327

Subscriber Broken Access Control in MainWP <= 6.1.1 versions...

CVSS 6.3
Exploits: 0, References: 1
CVE
added 3 hours ago, 4 views

CVE-2026-57335

CVE-2026-57335 concerns the WordPress plugin WPQuads Ads (WPQuads)

CVSS 6.5, AI score 5.8
Exploits: 0, References: 1
CVE
added 3 hours ago, 4 views

CVE-2026-57332

The CVE affects the WordPress Wallet System for WooCommerce plugin, specifically versions

CVSS 7.1, AI score 5.8
Exploits: 0, References: 1
Cvelist
added 3 hours ago, 4 views

CVE-2026-57330 WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in MasterStudy LMS <= 3.7.27 versions...

CVSS 6.5
Exploits: 0, References: 1
Cvelist
added 3 hours ago, 4 views

CVE-2026-57327 WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in MainWP <= 6.1.1 versions...

CVSS 6.3
Exploits: 0, References: 1
CVE
added 3 hours ago, 3 views

CVE-2026-57328

CVE-2026-57328 is a Subscriber XSS vulnerability in the WordPress Business Directory plugin, affecting versions

CVSS 6.5, AI score 5.8
Exploits: 0, References: 1
CVE
added 3 hours ago, 5 views

CVE-2026-57327

The connected documents identify CVE-2026-57327 as a vulnerability in the WordPress MainWP plugin up to version 6.1.1 describing a Subscriber/Broken Access Control issue. The underlying root cause is described as broken access control, but the documents do not provide concrete technical details s...

CVSS 6.3, AI score 5.8
Exploits: 0, References: 1
NVD
added 9 hours ago, 5 views

CVE-2026-9676

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...

CVSS 4.3
Exploits: 0, References: 1
EUVD
added 10 hours ago, 4 views

EUVD-2026-40040

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...

CVSS 4.3, AI score 5.9
Exploits: 0, References: 1
ATTACKERKB
added 10 hours ago, 3 views

CVE-2026-9676

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...

AI score 5.9
Exploits: 0, References: 1
CVE
added 10 hours ago, 7 views

CVE-2026-9676

The vulnerability CVE-2026-9676 affects the F4 Post Tree WordPress plugin prior to 2.0.5. The issue arises because the plugin does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the...

CVSS 4.3, AI score 5.9
Exploits: 0, References: 1
Nuclei
added 10 hours ago, 13 views

WordPress CBX Bookmark & Favorite Plugin <= 2.0.4 - SQL Injection

CBX Bookmark & Favorite WordPress plugin <= 2.0.4 contains a SQL injection caused by insufficient escaping of the 'orderby' parameter, letting authenticated attackers with Subscriber-level access extract sensitive database information. id: CVE-2025-13652 info: name: WordPress CBX Bookmark & Favorit...

CVSS 6.5, AI score 5.8, EPSS 0.01077
Exploits: 0, References: 3
EUVD
added yesterday, 8 views

EUVD-2026-39968

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...

CVSS 8.1, AI score 5.8, EPSS 0.00417
Exploits: 0, References: 4
NVD
added yesterday, 11 views

CVE-2026-8095

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...

CVSS 8.1, EPSS 0.00417
Exploits: 0, References: 3
NVD
added 2 days ago, 9 views

CVE-2026-12471

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activateplugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set o...

CVSS 4.3, EPSS 0.00196
Exploits: 0, References: 4
NVD
added 2 days ago, 6 views

CVE-2026-3462

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS 6.5, EPSS 0.00276
Exploits: 1, References: 5
NVD
added 2 days ago, 7 views

CVE-2026-11364

The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...

CVSS 4.3, EPSS 0.00213
Exploits: 0, References: 8