Lucene search
K

23 matches found

EUVD
EUVD
added 2026/06/28 12:30 a.m.9 views

EUVD-2026-39968

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References4
CVE
CVE
added 2026/06/27 11:28 p.m.25 views

CVE-2026-8095

CVE-2026-8095 — The Frontend File Manager Plugin for WordPress (up to version 23.6) is vulnerable to Authenticated Arbitrary File Deletion. A case-sensitive bypass of the wpfm_dir_path parameter sanitization in the wpfm_file_meta_update AJAX handler allows an attacker to overwrite the stored file...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.11 views

CVE-2026-9019

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachmenturl' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.6AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 7:50 a.m.15 views

EUVD-2026-35995

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

4.4CVSS5.7AI score0.00201EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/10 7:50 a.m.39 views

CVE-2026-8853 MW WP Form <= 5.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'memo' Parameter

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

4.4CVSS0.00201EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.19 views

PT-2026-48394

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachment url' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.6AI score0.00195EPSS
Exploits0References7
CVE
CVE
added 2026/05/02 8:27 a.m.16 views

CVE-2026-4024

Technical details about CVE-2026-4024 are not provided in the connected documents. Public specifics (affected versions, impact, fixes) require additional sources; monitor for updates.

5.3CVSS5.8AI score0.00501EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/02 8:27 a.m.36 views

CVE-2026-4024 Royal Addons for Elementor <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...

5.3CVSS0.00501EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/10 1:22 a.m.4 views

CVE-2026-5806

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly a...

5.1CVSS4.2AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 a.m.9 views

CVE-2025-12181

The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstuupdatepost function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrar...

8.8CVSS6.6AI score0.0053EPSS
Exploits0References1
CVE
CVE
added 2025/12/06 5:49 a.m.11 views

CVE-2025-13629

CVE-2025-13629 relates to the WP Landing Page WordPress plugin (versions up to 0.9.3). The vulnerability is a CSRF flaw caused by missing nonce validation in the wplp_api_update_text function, allowing unauthenticated attackers to forge requests that update arbitrary post meta if a site administr...

4.3CVSS5AI score0.00129EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/05 5:31 a.m.2 views

CVE-2025-12181 ContentStudio <= 1.3.7 - Authenticated (Author+) Arbitrary File Upload

The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstuupdatepost function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrar...

8.8CVSS6.5AI score0.0053EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/05 5:31 a.m.5 views

EUVD-2025-201376

The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstuupdatepost function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrar...

8.8CVSS6.8AI score0.0053EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.11 views

PT-2025-49206

Name of the Vulnerable Software and Affected Versions ContentStudio plugin for WordPress versions through 1.3.7 Description The ContentStudio plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the cstu update post function. This allows...

8.8CVSS7.3AI score0.0053EPSS
Exploits0References7
NVD
NVD
added 2025/11/25 8:15 a.m.18 views

CVE-2025-13380

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

6.5CVSS0.00461EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.21 views

CVE-2025-13380 AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

6.5CVSS0.00461EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/11/19 9:9 a.m.14 views

CVE-2025-12937

The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...

6.5CVSS5.3AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/08 12:0 a.m.6 views

WordPress plugin FooGallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.3CVSS8.7AI score0.00297EPSS
Exploits0References5
CVE
CVE
added 2024/10/12 5:39 a.m.50 views

CVE-2024-9824

The ImagePress – Image Gallery WordPress plugin is affected up to version 1.2.2 by a Broken Access Control issue: missing capability checks on ip_delete_post and ip_update_post_title allow authenticated users with Subscriber+ rights to delete arbitrary posts and change post titles. Public details...

4.3CVSS4.8AI score0.00322EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/12 12:0 a.m.6 views

PT-2024-39868 · WordPress · The Imagepress – Image Gallery

Name of the Vulnerable Software and Affected Versions: The ImagePress – Image Gallery plugin for WordPress versions prior to 1.2.3 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without authorization. This is due to a missing capability...

4.3CVSS6.9AI score0.00322EPSS
Exploits0References6
Rows per page
Query Builder