Lucene search
K

250 matches found

Nuclei
Nuclei
added yesterday25 views

WordPress AI Engine Plugin - Token Exposure

Unauthenticated sensitive information exposure in AI Engine WordPress plugin = 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled. id: CVE-2025-11749 info: name: WordPress AI Engine Plugin - Token Exposure author: 4m3rr0r severity: critical description: | Unauthenticat...

9.8CVSS7AI score0.75063EPSS
Exploits5References2
Nuclei
Nuclei
added yesterday13 views

OpenProject < 12.5.4 - Project Identifiers Exposure

OpenProject versions before 12.5.6 generate a publicly accessible robots.txt file revealing project identifiers, even if the instance is set to 'Login required', letting attackers gather project info, exploit requires no authentication. id: CVE-2023-33960 info: name: OpenProject 12.5.4 - Project...

7.5CVSS6.9AI score0.01268EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday44 views

WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure

WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...

5.3CVSS6.1AI score0.00669EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday6 views

Gogs < 0.14.3 - Unauthenticated Organization Teams Disclosure

Gogs before version 0.14.3 contains an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint returns all teams for any organization without requiring authentication. The route group lacks the reqToken middleware, exposing team IDs, names, descriptions,...

6.9CVSS6.1AI score0.01553EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-61454

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-10865 Cost Calculator Builder <= 4.0.11 - Unauthenticated Sensitive Information Exposure of Payment Gateway Secret Keys

The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the template body. This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal...

5.3CVSS0.0037EPSS
Exploits0References10
CVE
CVE
added 3 days ago15 views

CVE-2026-12426

The CVE-2026-12426 affects the WordPress plugin Members – Membership & User Role Editor, up to version 3.2.22. The vulnerability enables unauthenticated attackers to perform sensitive information exposure via the REST API pagination side channel, using the members_filter_protected_posts_for_rest ...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-57442

Name of the Vulnerable Software and Affected Versions Grav Admin2 plugin versions prior to 2.0.4 Description The plugin embeds a global JavaScript variable window. GRAV CONFIG in the Admin2 SPA bootstrap page at the '/grav/admin' endpoint and its subroutes. This object is returned in every...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References7
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42881

Capgo before 12.128.2 contains an information disclosure vulnerability in the getorgsv7userid RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles,...

8.7CVSS6.2AI score0.00313EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-11571 Everest Forms < 3.5.0 - Unauthenticated Sensitive Information Exposure via Residual CSV Artifacts

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

0.00256EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:17 p.m.8 views

CVE-2026-57753

Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...

5.3CVSS0.00206EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:15 a.m.7 views

EUVD-2026-41309

Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-55041

Name of the Vulnerable Software and Affected Versions Kit formerly ConvertKit for WooCommerce versions prior to 2.1.6 Description An unauthenticated sensitive data exposure issue exists in the plugin, allowing unauthorized users to access confidential information without providing credentials...

5.3CVSS5.9AI score0.00206EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 3:16 p.m.10 views

CVE-2026-57664

Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...

4.3CVSS0.00176EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56060

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...

7.5CVSS0.00303EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-54824

Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...

7.5CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-54834

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone = 2.3.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.7 views

EUVD-2026-39669

Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.15 views

CVE-2026-57664

The CVE-2026-57664 entry concerns a vulnerability in the WordPress plugin Bopo – WooCommerce Product Bundle Builder, specifically versions

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.9 views

CVE-2026-57664

Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References2
Rows per page
Query Builder