Lucene search
K

794 matches found

Nuclei
Nuclei
added 6 hours ago38 views

WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12. id: CVE-2024-5057 info: name: WordPress Easy Digital Downloads = 3.2.12 - SQL Injecti...

9.8CVSS6AI score0.02588EPSS
Exploits0References3
Nuclei
Nuclei
added 6 hours ago17 views

tagDiv Composer < 4.2 - Stored Cross-Site Scripting

tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/savecss endpoint. An attacker can inject malicious JavaScript code through the compiledcss parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...

6.1CVSS7AI score0.01595EPSS
Exploits2References2
Nuclei
Nuclei
added 6 hours ago32 views

Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...

7.5CVSS7.1AI score0.04691EPSS
Exploits1References2
Patchstack
Patchstack
added 2 days ago4 views

WordPress CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin <= 2.2.14 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by sterva - Teletronics in WordPress Plugin CURCY versions = 2.2.14...

5.4CVSS6AI score0.00255EPSS
Exploits0References1Affected Software1
Nuclei
Nuclei
added 5 days ago60 views

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache- from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache = 5.7 - Unauthenticated Stored XSS...

8.3CVSS7AI score0.54872EPSS
Exploits5References3
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-41303

Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...

6.5CVSS5.8AI score0.00124EPSS
Exploits0References1
CVE
CVE
added 6 days ago19 views

CVE-2026-57671

Technical details are not publicly available in the provided documents. Monitor for updates.

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-57359 WordPress ReviewX plugin <= 2.3.10 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in ReviewX = 2.3.10 versions...

7.1CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 6 days ago12 views

CVE-2026-27426

CVE-2026-27426 affects the WordPress Automotive Car Dealership Business theme

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-54974

Name of the Vulnerable Software and Affected Versions NativeChurch versions prior to 4.8.8.3 Description An unauthenticated Cross Site Scripting XSS issue exists, allowing attackers to execute malicious scripts without authentication. Recommendations Update NativeChurch to a version newer than...

7.1CVSS6AI score0.0018EPSS
Exploits0References3
Patchstack
Patchstack
added 6 days ago4 views

WordPress MotoPress Appointment Booking plugin <= 2.4.4 - Unauthenticated Insecure Direct Object Reference to 'payment_details.booking_id' Parameter vulnerability

Unauthenticated Insecure Direct Object Reference to 'paymentdetails.bookingid' Parameter vulnerability discovered by g0wthr in WordPress Plugin MotoPress Appointment Booking versions = 2.4.4...

5.3CVSS5.9AI score0.00342EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/30 9:52 a.m.9 views

WordPress Ajax Load More - Filters plugin <= 3.4.1 - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability

WordPress Ajax Load More - Filters plugin = 3.4.1 - Filters = 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by jonathan dunn in WordPress Plugin Ajax Load More - Filters versions = 3.4.1...

7.2CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/29 1:36 p.m.5 views

EUVD-2026-40107

Unauthenticated Cross Site Scripting XSS in Jobify = 4.3.2 versions...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57630

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-56031

Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...

8.1CVSS0.00317EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.13 views

CVE-2026-57641

CVE-2026-57641 pertains to an unauthenticated Cross Site Request Forgery (CSRF) vulnerability in the WordPress Real Estate 7 theme, affecting versions ≤ 3.5.9. Public records confirm the affected software and the vulnerability class, but the provided documents do not specify the exact attack vect...

6.5CVSS5.8AI score0.00127EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.34 views

CVE-2026-57635 WordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in FunnelKit Payment Gateway for Stripe WooCommerce = 1.14.0.3 versions...

6.5CVSS0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.5 views

EUVD-2026-39705

Unauthenticated Cross Site Scripting XSS in Blog2Social = 8.9.2 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.32 views

CVE-2026-56035 WordPress BitFire Security plugin <= 5.0.3 - Multiple Vulnerabilities vulnerability

Unauthenticated Multiple Vulnerabilities in BitFire Security = 5.0.3 versions...

8.6CVSS0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.34 views

CVE-2025-66123 WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in BookPro = 1.1.0 versions...

5.3CVSS0.00228EPSS
Exploits0References1
Rows per page
Query Builder