Lucene search
K

790 matches found

EUVD
EUVD
added yesterday3 views

EUVD-2026-41303

Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...

6.5CVSS5.8AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-57671

Technical details are not publicly available in the provided documents. Monitor for updates.

7.1CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added yesterday5 views

CVE-2026-57359 WordPress ReviewX plugin <= 2.3.10 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in ReviewX = 2.3.10 versions...

7.1CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-27426

CVE-2026-27426 affects the WordPress Automotive Car Dealership Business theme

7.1CVSS5.8AI score
Exploits0References1
Nuclei
Nuclei
added yesterday15 views

Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...

7.5CVSS7.1AI score0.04691EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday11 views

WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12. id: CVE-2024-5057 info: name: WordPress Easy Digital Downloads = 3.2.12 - SQL Injecti...

9.8CVSS5.8AI score0.02588EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday16 views

tagDiv Composer < 4.2 - Stored Cross-Site Scripting

tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/savecss endpoint. An attacker can inject malicious JavaScript code through the compiledcss parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...

6.1CVSS7AI score0.01595EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday21 views

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache- from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache = 5.7 - Unauthenticated Stored XSS...

8.3CVSS7.1AI score0.54872EPSS
Exploits5References3
Patchstack
Patchstack
added 3 days ago9 views

WordPress Ajax Load More - Filters plugin <= 3.4.1 - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability

WordPress Ajax Load More - Filters plugin = 3.4.1 - Filters = 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by jonathan dunn in WordPress Plugin Ajax Load More - Filters versions = 3.4.1...

7.2CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-40107

Unauthenticated Cross Site Scripting XSS in Jobify = 4.3.2 versions...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-57630

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-56031

Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...

8.1CVSS0.00317EPSS
Exploits0References1
CVE
CVE
added last week11 views

CVE-2026-57641

CVE-2026-57641 pertains to an unauthenticated Cross Site Request Forgery (CSRF) vulnerability in the WordPress Real Estate 7 theme, affecting versions ≤ 3.5.9. Public records confirm the affected software and the vulnerability class, but the provided documents do not specify the exact attack vect...

6.5CVSS5.8AI score0.00127EPSS
Exploits0References1
Cvelist
Cvelist
added last week33 views

CVE-2026-57635 WordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in FunnelKit Payment Gateway for Stripe WooCommerce = 1.14.0.3 versions...

6.5CVSS0.00123EPSS
Exploits0References1
EUVD
EUVD
added last week4 views

EUVD-2026-39705

Unauthenticated Cross Site Scripting XSS in Blog2Social = 8.9.2 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added last week31 views

CVE-2026-56035 WordPress BitFire Security plugin <= 5.0.3 - Multiple Vulnerabilities vulnerability

Unauthenticated Multiple Vulnerabilities in BitFire Security = 5.0.3 versions...

8.6CVSS0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added last week31 views

CVE-2025-66123 WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in BookPro = 1.1.0 versions...

5.3CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added last week9 views

CVE-2026-57878

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this...

9.8CVSS0.00531EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.12 views

CVE-2026-56013

The CVE describes an unauthenticated Insecure Direct Object References (IDOR) in the WordPress License Manager for WooCommerce plugin, affected versions up to 3.0.15. The vulnerability stems from insecure direct object references that could allow unauthenticated access to license data. Connected ...

6.5CVSS5.8AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.29 views

CVE-2026-54845 WordPress MDTF plugin <= 1.3.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...

8.1CVSS0.00274EPSS
Exploits0References1
Rows per page
Query Builder