Lucene search
K

137 matches found

Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-57747 WordPress Booked plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...

6.5CVSS0.00124EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-57746 WordPress Booked plugin <= 3.0.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in Booked = 3.0.0 versions...

7.1CVSS0.00235EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/29 9:43 a.m.5 views

WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ads by WPQuads versions = 3.0.3...

6.5CVSS5.8AI score0.00229EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.5 views

CVE-2026-57636

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-40794

Subscriber Broken Access Control in myCred = 3.0.3 versions...

6.5CVSS0.00279EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 11:45 a.m.12 views

EUVD-2026-31813

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...

5.3CVSS6AI score0.0017EPSS
Exploits1References5
Patchstack
Patchstack
added 2026/05/15 10:34 a.m.15 views

WordPress Smartcat Translator for WPML plugin <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by Alexis Lafontaine in WordPress Plugin Smartcat Translator for WPML versions = 3.1.77...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:19 p.m.11 views

NPM: FlowiseAI: Vector Store No Permission Checks

NPM: FlowiseAI: Vector Store No Permission Checks vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00327EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/12 11:16 a.m.18 views

CVE-2026-42741

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

8.5CVSS0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 3:31 a.m.8 views

EUVD-2026-29017

A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. T...

5.9CVSS5.9AI score0.00154EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/05/07 5:13 a.m.10 views

NPM: vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution

NPM: vm2 NodeVM nesting: true bypasses require: false allowing sandbox escape and arbitrary OS command execution vulnerability discovered by ? in WordPress Npm vm2 versions = 3.11.0...

9.1CVSS6.2AI score0.009EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/04/16 11:21 a.m.25 views

CVE-2026-3489

The CVE-2026-3489 entry concerns the DirectoryPress WordPress plugin (Business Directory and Classified Ad Listing) with vulnerable versions up to 3.6.26. The issue is an SQL Injection via the 'packages' parameter caused by insufficient escaping of user input and inadequate SQL query preparation,...

7.5CVSS5.9AI score0.00387EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 8:30 a.m.12 views

CVE-2026-39665

The CVE describes a DOM-Based XSS vulnerability in the WordPress plugin SEO Friendly Images (seo-image) by Vladimir Prelovac, affecting versions from n/a up to 3.0.5. Root cause: Improper neutralization of input during web page generation. Impact stated across sources as cross-site scripting acce...

6.5CVSS5.9AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/06 6:45 a.m.28 views

CVE-2026-5632 assafelovic gpt-researcher HTTP REST API Endpoint missing authentication

A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...

7.5CVSS0.00414EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/27 11:55 a.m.2 views

CVE-2026-25100 Stored XSS via SVG File Upload in Bludit

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its image upload functionality. An authenticated attacker with content upload privileges such as Author, Editor, or Administrator can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of the...

4.8CVSS5.8AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15851

Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through = 3.7.9...

5.8AI score0.00219EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15695

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.This issue affects Addon Jobsearch Chat: from n/a through = 3.0...

5.9AI score0.00283EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.1 views

CVE-2026-25376 WordPress Addon Jobsearch Chat plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows Reflected XSS.This issue affects Addon Jobsearch Chat: from n/a through = 3.0...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.10 views

CVE-2026-25376

CVE-2026-25376 —Concrete details across multiple sources show a Reflected Cross-Site Scripting (XSS) flaw in the WordPress addon/plugin named “Addon Jobsearch Chat” by eyecix, affecting versions through 3.0. The root cause is improper input handling during web page generation , allowing malicious...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.6 views

EUVD-2026-11916

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a through = 3.32...

8.5CVSS5.8AI score0.00228EPSS
Exploits0References2
Rows per page
Query Builder