Lucene search
+L

2380 matches found

Cvelist
Cvelist
added 2026/06/06 4:28 a.m.40 views

CVE-2026-9016 Debug Log Manager <= 2.5.0 - Unauthenticated Improper Output Neutralization for Logs via log_js_errors AJAX Action

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS0.00261EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/06 2:28 a.m.46 views

CVE-2026-9280 Ad Inserter <= 2.8.15 - Reflected Cross-Site Scripting via URL Parameters in iframe Mode

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS0.00225EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.19 views

PT-2026-47122

Name of the Vulnerable Software and Affected Versions All-In-One Security AIOS – Security and Firewall plugin for WordPress versions prior to 5.4.8 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization in the get rest route function and missing output escaping in t...

7.2CVSS5.7AI score0.00338EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.12 views

WordPress plugin Frontend User Notes 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

4.3CVSS5.3AI score0.00132EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:28 p.m.10 views

CVE-2026-7523

The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS5.5AI score0.00272EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7437

The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the editposhidden parameter in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS5.7AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.13 views

CVE-2026-3355

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS5.7AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.14 views

CVE-2026-9104

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

6.4CVSS5.7AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.9 views

CVE-2025-13618

The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoringprocessregistration function. This makes it possible for unauthenticated...

9.8CVSS5.4AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.9 views

CVE-2026-8418

The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gccrud function which handles the delete action action=delete via a GET request without any wpverifynonce /...

4.3CVSS5.5AI score0.00163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.10 views

CVE-2026-7284

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyelhandleregister' function not restricting what user roles a user can register with...

9.8CVSS5.4AI score0.00494EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-6555

The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and...

9.8CVSS6.3AI score0.00978EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-4365

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the deletequestionanswer function in all versions up to, and including, 4.3.2.8. The plugin exposes a wprest nonce in public frontend HTML lpData to unauthenticated visitors, and...

9.1CVSS5.5AI score0.00867EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 7:31 a.m.18 views

CVE-2026-48907

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS5.6AI score0.80425EPSS
Exploits19References2Affected Software1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.16 views

joomlacontenteditor.net Joomla Content Editor (JCE) extension for Joomla 权限许可和访问控制问题漏洞

JCE Joomla Component is an editor component used within the Joomla content management system. The JCE Joomla Component has a security vulnerability related to access control. This vulnerability stems from allowing unauthenticated users to create new editor profiles, ultimately leading to the uplo...

10CVSS7.7AI score0.80425EPSS
Exploits19References3
EUVD
EUVD
added 2026/06/04 1:22 p.m.11 views

EUVD-2019-20163

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...

9.8CVSS5.9AI score0.0046EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 4:8 a.m.11 views

EUVD-2026-34205

The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...

9.8CVSS6.1AI score0.00317EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 4:8 a.m.30 views

CVE-2026-49188

CVE-2026-49188 affects a component where the ai_cmd utility runs with root privileges and pipes socket inputs directly to popen(), enabling unauthenticated users to execute arbitrary root commands. The available sources explicitly state elevated root command execution via ai_cmd sockets, with CVS...

9.8CVSS6.1AI score0.00317EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 4:8 a.m.9 views

CVE-2026-49188 Elevated Root Command Execution via ai_cmd Sockets

The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...

8.7CVSS6.1AI score0.00317EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.33 views

PT-2026-46908

Name of the Vulnerable Software and Affected Versions Widget Factory Joomla Content Editor JCE versions 1.0.0 through 2.9.99.4 Description Improper access control in the JCE editor extension for Joomla allows unauthenticated users to create new editor profiles. This flaw enables the upload and...

10CVSS9.1AI score0.80425EPSS
Exploits19References111
Rows per page
Query Builder