Lucene search

2288 matches found

CVE
added 6 hours ago | 6 views

CVE-2026-12110

CVE-2026-12110 relates to the WordPress plugin Taskbuilder – Project Management & Task Management Tool With Kanban Board. All versions up to 5.0.8 are affected by a generic SQL Injection in the task_search parameter caused by insufficient escaping and lack of proper query preparation. This allows...

6.5 CVSS | 5.8 AI score
Exploits: 0 | References: 11

Patchstack
added yesterday | 4 views

WordPress Motors – Car Dealership & Classified Listings Plugin plugin <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Meta Modification vulnerability discovered by Michael Perla vizen5 - clixhouse in WordPress Plugin Motors versions <= 1.4.111...

4.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added yesterday | 6 views

EUVD-2026-40260

The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...

8 CVSS | 6.5 AI score | 0.00341 EPSS
Exploits: 0 | References: 2

Nuclei
added yesterday | 55 views

Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash

Email Subscribers by Icegram Express <= 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter. id: CVE-2024-4295 info: name: Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash author: iamnoooob,rootxharsh,pdresearch severity:...

9.8 CVSS | 7.3 AI score | 0.10161 EPSS
Exploits: 1 | References: 4

Cvelist
added 2 days ago | 28 views

CVE-2026-57332 WordPress Wallet System for WooCommerce plugin <= 2.7.6 - Broken Access Control vulnerability

Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions...

7.1 CVSS | 0.00256 EPSS
Exploits: 0 | References: 1

CVE
added 2 days ago | 9 views

CVE-2026-57329

CVE-2026-57329 describes a Subscriber Cross Site Scripting (XSS) vulnerability in the WooCommerce Designer Pro plugin up to version 1.9.34. CVSS v3.1 base score 6.5 (attackVector: NETWORK, attackComplexity: LOW, privilegesRequired: LOW, userInteraction: REQUIRED, scope: CHANGED, confidentiality/i...

6.5 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits: 0 | References: 1

Nuclei
added 2 days ago | 23 views

Subscriber by BestWebSoft < 1.3.5 - Cross-Site Scripting

The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. id: CVE-2017-18502 info: name: Subscriber by BestWebSoft < 1.3.5 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. impact: |...

6.1 CVSS | 6.4 AI score | 0.01652 EPSS
Exploits: 1 | References: 4

Nuclei
added 3 days ago | 21 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8 CVSS | 7.4 AI score | 0.04184 EPSS
Exploits: 3 | References: 2

NVD
added 5 days ago | 6 views

CVE-2026-57645

newsletterssubscribers Broken Access Control in Newsletters = 4.13 versions...

8.1 CVSS | 0.00189 EPSS
Exploits: 0 | References: 1

CVE
added 5 days ago | 11 views

CVE-2026-57645

CVE-2026-57645 affects the WordPress Newsletters plugin (versions

8.1 CVSS | 5.8 AI score | 0.00189 EPSS
Exploits: 0 | References: 1

EUVD
added 5 days ago | 5 views

EUVD-2026-39760

newsletterssubscribers Broken Access Control in Newsletters = 4.13 versions...

8.1 CVSS | 5.8 AI score | 0.00189 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 5 days ago | 5 views

CVE-2026-57645

newsletterssubscribers Broken Access Control in Newsletters = 4.13 versions...

8.1 CVSS | 5.8 AI score | 0.00189 EPSS
Exploits: 0 | References: 2

CVE
added 5 days ago | 14 views

CVE-2026-54826

CVE-2026-54826 affects the WordPress SupportCandy plugin up to version 3.4.6, with an Insecure Direct Object References (IDOR) vulnerability. Root cause: insecure direct object references allowing unauthorized access to objects. Impact: CVSS 3.1 base score 7.6 (High)—confidentiality impact High, ...

7.6 CVSS | 5.8 AI score | 0.00288 EPSS
Exploits: 0 | References: 1

Cvelist
added 6 days ago | 31 views

CVE-2026-12079 Dokan Pro <= 5.0.4 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5 CVSS | 0.00224 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 6 days ago | 12 views

PT-2026-52192

Name of the Vulnerable Software and Affected Versions: Dokan Pro versions prior to 5.0.5. Description: The Dokan Pro plugin for WordPress contains a time-based SQL Injection flaw. This occurs because the software does not sufficiently escape user-supplied input or properly prepare the SQL query...

6.5 CVSS | 5.8 AI score | 0.00224 EPSS
Exploits: 0 | References: 6

Cvelist
added 2026/06/24 5:33 a.m. | 31 views

CVE-2026-4297 Welcome Software Publishing <= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation via 'nc.setOption' XML-RPC Method

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the ncsetOption function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the us...

8.8 CVSS | 0.00463 EPSS
Exploits: 0 | References: 9

Patchstack
added 2026/06/23 4:40 p.m. | 4 views

WordPress Reviews and Rating – Docplanner plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Modification vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Reviews and Rating – Docplanner versions <= 1.1.4...

4.3 CVSS | 5.8 AI score | 0.00307 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/06/23 12:32 p.m. | 34 views

CVE-2026-4610 ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmauthormessage' parameter in the pmsendmessagetoauthor function in all versions up to, and including, 5.9.9.2 due to insufficient input sanitization and output...

6.4 CVSS | 0.00201 EPSS
Exploits: 0 | References: 6

Cvelist
added 2026/06/23 6:0 a.m. | 40 views

CVE-2026-8163 Infility Global < 2.15.19 - Subscriber+ SQL Injection via order Parameter

The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above...

0.00239 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/19 4:31 a.m. | 6 views

CVE-2026-9013

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

4.3 CVSS | 5.8 AI score | 0.00254 EPSS
Exploits: 0 | References: 10