
2296 matches found

ATTACKERKB
added 2026/05/18 6:0 a.m., 10 views

CVE-2026-1631

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the...

CVSS 5.4, AI score 5.8, EPSS 0.00231
Exploits 0, References 1

CNNVD
added 2026/05/18 12:0 a.m., 9 views

WordPress plugin Feeds for YouTube security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 5.4, AI score 5.8, EPSS 0.00231
Exploits 0, References 1

Cvelist
added 2026/05/17 2:27 a.m., 48 views

CVE-2026-8719 AI Engine 3.4.9 - Authenticated (Subscriber+) Privilege Escalation via Missing Authorization in MCP OAuth Bearer Token

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be...

CVSS 8.8, EPSS 0.00359
Exploits 0, References 2

Vulnrichment
added 2026/05/16 12:30 p.m., 9 views

CVE-2025-4202 Multicollab: Content Team Collaboration and Editorial Workflow <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration Comment

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

CVSS 4.3, AI score 5.9, EPSS 0.00237
Exploits 0, References 3

NVD
added 2026/05/15 9:16 a.m., 37 views

CVE-2026-6415

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...

CVSS 6.4, EPSS 0.00274
Exploits 0, References 6

CVE
added 2026/05/15 8:27 a.m., 13 views

CVE-2026-7563

The CVE-2026-7563 entry concerns the WordPress plugin Classified Listing – AI-Powered Classified ads & Business Directory (versions up to and including 5.3.10). The vulnerability arises from missing authorization verification, enabling authenticated users with subscriber-level access or higher to...

CVSS 4.3, AI score 5.9, EPSS 0.00265
Exploits 0, References 14

CNNVD
added 2026/05/15 12:0 a.m., 10 views

WordPress plugin Advanced Custom Fields: Font Awesome cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.4, AI score 5.8, EPSS 0.00274
Exploits 0, References 1

CVE
added 2026/05/14 6:44 a.m., 21 views

CVE-2026-3892

The Motors – Car Dealership & Classified Listings Plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to 1.4.107 due to insufficient file path validation in the become-dealer logo upload flow. An authenticated user with subscriber+ access can set an arbitrary filesyst...

CVSS 8.1, AI score 5.9, EPSS 0.00256
Exploits 0, References 2

Cvelist
added 2026/05/14 6:44 a.m., 68 views

CVE-2026-6225 Taskbuilder – Project Management & Task Management Tool With Kanban Board <= 5.0.6 - Authenticated (Subscriber+) Time-Based Blind SQL Injection via 'project_search' Parameter

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'project_search' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 6.5, EPSS 0.00224
Exploits 0, References 2

CVE
added 2026/05/14 5:30 a.m., 15 views

CVE-2026-3829

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is affected by CVE-2026-3829 due to missing capability checks in wple_basic_get_requests across all versions up to 7.8.5.10. This allows authenticated users with subscriber-level ac...

CVSS 5.4, AI score 5.8, EPSS 0.00202
Exploits 0, References 3

RedhatCVE
added 2026/05/13 8:23 p.m., 12 views

CVE-2026-43876

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/notifySubscribers.json.php takes the raw message POST parameter and passes it into sendSiteEmail, which substitutes it directly into an HTML email template via str_replace on the message placeholder and...

CVSS 6.4, AI score 5.9, EPSS 0.00156
Exploits 0, References 1

NVD
added 2026/05/13 2:17 p.m., 9 views

CVE-2026-4607

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...

CVSS 4.3, EPSS 0.00234
Exploits 0, References 6

ATTACKERKB
added 2026/05/13 4:26 a.m., 6 views

CVE-2025-9987

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

CVSS 5.3, AI score 5.8, EPSS 0.0027
Exploits 0, References 3

Cvelist
added 2026/05/13 4:26 a.m., 40 views

CVE-2025-9987 Broadstreet <= 1.53.1 - Authenticated (Subscriber+) Information Disclosure

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

CVSS 5.3, EPSS 0.0027
Exploits 0, References 2

CVE
added 2026/05/13 4:26 a.m., 14 views

CVE-2025-9987

The Broadstreet WordPress plugin (versions

CVSS 5.3, AI score 5.8, EPSS 0.0027
Exploits 0, References 2

EUVD
added 2026/05/13 4:26 a.m., 7 views

EUVD-2025-209819

The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the createadvertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...

CVSS 4.3, AI score 5.8, EPSS 0.00158
Exploits 0, References 2

Patchstack
added 2026/05/12 3:43 p.m., 10 views

WordPress Broadstreet plugin <= 1.53.1 - Missing Authorization to Authenticated (Subscriber+) Advertiser Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Advertiser Creation vulnerability discovered by greenhats - Student in WordPress Plugin Broadstreet Ads versions <= 1.53.1...

CVSS 4.3, AI score 5.8, EPSS 0.00158
Exploits 0, References 1, Affected Software 1

CVE
added 2026/05/12 7:48 a.m., 16 views

CVE-2026-5028

The Eight Day Week Print Workflow WordPress plugin (vulnerable up to 1.2.6) is affected by a time-based blind SQL injection via the title parameter in the pp-get-articles AJAX action. Root cause: insufficient escaping and inadequate SQL query preparation. Impact: authenticated attackers with Subs...

CVSS 6.5, AI score 5.9, EPSS 0.00241
Exploits 0, References 3

Patchstack
added 2026/05/12 12:0 a.m., 9 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Group Settings Modification vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin ProfileGrid versions <= 5.9.8.4...

CVSS 4.3, AI score 5.8, EPSS 0.00234
Exploits 0, References 1, Affected Software 1

CNNVD
added 2026/05/12 12:0 a.m., 8 views

WordPress plugin Eight Day Week Print Workflow SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

CVSS 6.5, AI score 5.9, EPSS 0.00241
Exploits 0, References 1