Lucene search
K

2320 matches found

Nuclei
Nuclei
added yesterday64 views

Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash

Email Subscribers by Icegram Express = 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter. id: CVE-2024-4295 info: name: Email Subscribers by Icegram Express = 5.7.20 - Unauthenticated SQL Injection via Hash author: iamnoooob,rootxharsh,pdresearch severity:...

9.8CVSS7.1AI score0.10161EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday23 views

Subscriber by BestWebSoft < 1.3.5 - Cross-Site Scripting

The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. id: CVE-2017-18502 info: name: Subscriber by BestWebSoft 1.3.5 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. impact: |...

6.1CVSS6.4AI score0.01652EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday247 views

Wordpress Email Subscribers by Icegram Express - SQL Injection

The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IGESSubscribersQuery' class in all versions up to, and including, 5.7.14 due to insufficient escaping ...

9.8CVSS7.1AI score0.80596EPSS
Exploits4References2
Nuclei
Nuclei
added yesterday37 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8CVSS7AI score0.04184EPSS
Exploits3References2
NVD
NVD
added 3 days ago6 views

CVE-2026-8678

The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

4.3CVSS0.00232EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-43129

The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFields' parameter. This is due to missing capability checks on the AJAX handlers for installaddon,...

8.8CVSS6.3AI score0.00606EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-7544 Mux Video Uploader <= 1.1.4 - Authenticated (Subscriber+) Information Exposure

The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...

4.3CVSS0.00237EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43128

The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...

4.3CVSS6.1AI score0.00237EPSS
Exploits0References6
CVE
CVE
added 3 days ago12 views

CVE-2026-7544

Summary (CVE-2026-7544) : The Mux Video Uploader WordPress plugin (≤ v1.1.4) is vulnerable to Sensitive Information Exposure via muxvideo_enqueue_settings_script. Authenticated users with subscriber-level access or higher can extract sensitive data, including Mux API credentials. The CVE notes th...

4.3CVSS6.1AI score0.00237EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43119

The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

4.3CVSS6.2AI score0.00232EPSS
Exploits0References8
NVD
NVD
added 3 days ago6 views

CVE-2026-11426

The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.76. This is due to the plugin accepting arbitrary local file paths in the templatethumbnail parameter and copying their contents into a publicly accessible uploads file...

6.5CVSS0.00308EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-43117

The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.76. This is due to the plugin accepting arbitrary local file paths in the templatethumbnail parameter and copying their contents into a publicly accessible uploads file...

6.5CVSS6.2AI score0.00308EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-11426 UnderConstructionPage PRO <= 5.76 - Authenticated (Subscriber+) Arbitrary File Read via template_thumbnail Parameter

The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.76. This is due to the plugin accepting arbitrary local file paths in the templatethumbnail parameter and copying their contents into a publicly accessible uploads file...

6.5CVSS0.00308EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42828

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...

6.4CVSS6.2AI score0.00246EPSS
Exploits0References12
NVD
NVD
added 4 days ago6 views

CVE-2026-5069

The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscriptionid' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated...

5.4CVSS0.00176EPSS
Exploits0References2
CVE
CVE
added 5 days ago59 views

CVE-2026-57031

Summary of CVE-2026-57031 (Junos OS MX Series): A vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series devices allows adjacent subscribers configured on static interfaces to bypass ingress firewall filters, disabling both protocol-level and upstream bandwi...

5.3CVSS6AI score0.00238EPSS
Exploits0References1
Patchstack
Patchstack
added 5 days ago5 views

WordPress Invoice123 plugin <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Setting Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Setting Modification vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Invoice123 versions = 1.7.0...

4.3CVSS6.1AI score0.00288EPSS
Exploits0References1Affected Software1
NVD
NVD
added 5 days ago6 views

CVE-2026-13492

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS0.00525EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-9237 Employee, Leave and Recruitment Management System <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Job Deletion via crewhrm_singleJobAction AJAX Action

The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00227EPSS
Exploits0References7
NVD
NVD
added 5 days ago9 views

CVE-2026-8996

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the downloadrecentdecryptedfilewptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.5CVSS0.0027EPSS
Exploits0References8
Rows per page
Query Builder