Lucene search
+L

8781 matches found

Nuclei
Nuclei
added 18 hours ago18 views

WordPress CBX Bookmark & Favorite Plugin <= 2.0.4 - SQL Injection

CBX Bookmark & Favorite WordPress plugin = 2.0.4 contains a SQL injection caused by insufficient escaping of the 'orderby' parameter, letting authenticated attackers with Subscriber-level access extract sensitive database information id: CVE-2025-13652 info: name: WordPress CBX Bookmark & Favorit...

6.5CVSS5.6AI score0.01077EPSS
Exploits0References3
NVD
NVD
added 2 days ago11 views

CVE-2026-15349

The ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.17.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00272EPSS
Exploits0References10
NVD
NVD
added 2 days ago11 views

CVE-2026-15161

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...

6.4CVSS0.00156EPSS
Exploits0References2
NVD
NVD
added 2 days ago12 views

CVE-2026-15159

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS0.00178EPSS
Exploits0References2
NVD
NVD
added 2 days ago9 views

CVE-2026-15160

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...

4.3CVSS0.00459EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-45136

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...

6.4CVSS6.2AI score0.00156EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-15161 Ninja Forms - Excel Export <= 3.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'filter' Parameter

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...

6.4CVSS0.00156EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago9 views

CVE-2026-15161

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...

6.4CVSS6.2AI score0.00156EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-15349 ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce <= 1.17.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Company Location Creation via wp_ajax_erp-company-location AJAX Handler

The ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.17.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00272EPSS
Exploits0References10
Cvelist
Cvelist
added 2 days ago38 views

CVE-2026-14503 pCloud WP Backup <= 2.0.3 - Missing Authorization on the 'start_backup' AJAX Method to Authenticated (Subscriber+) Arbitrary File Read

The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.3 via the wp2pclajaxprocessrequestinner. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract force generation of a...

6.5CVSS0.00287EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-15349

The ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.17.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6.2AI score0.00272EPSS
Exploits0References11
CVE
CVE
added 2 days ago15 views

CVE-2026-15349

CVE-2026-15349 affects the ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce (WordPress). The vulnerability is an authorization bypass in the wp_ajax_erp-company-location AJAX handler, allowing authenticated users with subscriber-level access and higher to create arbitrary company lo...

4.3CVSS6.2AI score0.00272EPSS
Exploits0References10
CVE
CVE
added 2 days ago15 views

CVE-2026-15159

Affected software: Ninja Forms - Excel Export plugin for WordPress. Vulnerability type: Insecure Direct Object Reference via the spreadsheet_export_form_id parameter. Root cause: missing validation on a user controlled key. Versions affected: all versions up to and including 3.3.6. Impact: authen...

4.3CVSS6AI score0.00178EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-45127

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...

4.3CVSS6.2AI score0.00459EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-15159 Ninja Forms - Excel Export <= 3.3.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Data Disclosure via 'spreadsheet_export_form_id' Parameter

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS0.00178EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-15160 Ninja Forms - Excel Export <= 3.3.6 - Missing Authorization to Authenticated (Subscriber+) XLS Write via Path Traversal

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...

4.3CVSS0.00459EPSS
Exploits0References4
CVE
CVE
added 2 days ago14 views

CVE-2026-15160

Summary of CVE-2026-15160 : The Ninja Forms - Excel Export plugin for WordPress is vulnerable to a directory traversal flaw in all versions up to and including 3.3.6, exploitable via the spreadsheet_export_tmp_name parameter. This vulnerability allows an authenticated user with subscriber-level a...

4.3CVSS6.2AI score0.00459EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 days ago8 views

CVE-2026-15160

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...

4.3CVSS6.2AI score0.00459EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-15159

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS6AI score0.00178EPSS
Exploits0References3
NVD
NVD
added 3 days ago8 views

CVE-2026-15407

The Themify Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 7.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS0.00288EPSS
Exploits0References10
Rows per page
Query Builder