Lucene search
K

120 matches found

EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42537

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.7. This is due to the plugin not properly verifying that a user is authorized to perform an...

5.3CVSS5.9AI score0.00323EPSS
Exploits0References10
NVD
NVD
added 2026/06/26 3:16 p.m.9 views

CVE-2026-57667

Sales Representative SQL Injection in Groundhogg = 4.5 versions...

8.5CVSS0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39763

Contributor Broken Access Control in Nelio Content = 4.3.4 versions...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.23 views

PT-2026-52431

Name of the Vulnerable Software and Affected Versions Post Snippets versions prior to 4.0.20 Description Remote attackers with contributor-level permissions can execute arbitrary code on the server. Recommendations Update Post Snippets to version 4.0.20 or later...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:20 p.m.15 views

CVE-2026-22330

Unauthenticated Local File Inclusion in Right Way = 4.0 versions...

8.1CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 a.m.19 views

CVE-2026-3018

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS0.01382EPSS
Exploits0References3
NVD
NVD
added 2026/06/07 3:16 a.m.17 views

CVE-2026-11448

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to...

5.8CVSS0.01582EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 10:40 a.m.11 views

CVE-2026-42669

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...

7.5CVSS5.8AI score0.00202EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/26 7:51 a.m.11 views

WordPress SeaFood Company theme <= 1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme SeaFood Company versions = 1.4...

5.8AI score0.00525EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/13 4:26 a.m.45 views

CVE-2026-6962 Cost of Goods: Product Cost & Profit Calculator for WooCommerce <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'algwccogproductcost' and 'algwccogproductprofit' shortcodes in all versions up to, and including, 4.1.0 due to insufficient input sanitization an...

6.4CVSS0.00193EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/11 1:45 a.m.9 views

CVE-2026-8262 Devs Palace ERP Online chart-save cross site scripting

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

4.8CVSS4.1AI score0.00202EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/10 11:45 p.m.70 views

CVE-2026-8254 Devs Palace ERP Online sales_save cross site scripting

A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/salessave. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the...

4.8CVSS0.00253EPSS
Exploits0References4
OSV
OSV
added 2026/05/01 12:30 p.m.6 views

GHSA-MQ9Q-25HM-G4GP AstrBot Makes Use of Hard-coded Password

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

7.3CVSS6.6AI score0.00288EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/04/15 10:3 p.m.9 views

WordPress ProfilePress plugin <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription vulnerability

Missing Authorization to Authenticated Subscriber+ Inactive Membership Plan Subscription vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin ProfilePress versions = 4.16.12...

4.3CVSS5.8AI score0.00316EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.1 views

CVE-2026-39671 WordPress Extra Fees Plugin for WooCommerce plugin <= 4.3.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through = 4.3.3...

5.8AI score0.00102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:5 p.m.4 views

CVE-2026-25002

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress – Sepay Payment: from n/a through = 4.0.0...

7.5CVSS5.2AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.4 views

CVE-2026-24362

Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through = 4.0.21...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:14 p.m.4 views

CVE-2026-32488

Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through = 4.4.9...

5.8AI score0.00345EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-27880

Name of the Vulnerable Software and Affected Versions LearnPress – Sepay Payment versions n/a through 4.0.0 Description An authentication bypass issue exists in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment, allowing for authentication abuse through the use of an alternate path or...

7.5CVSS5.9AI score0.00271EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/17 1:24 a.m.4 views

CVE-2026-2579

The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

7.5CVSS5.9AI score0.00304EPSS
Exploits0References5
Rows per page
Query Builder