Lucene search

377 matches found

NVD
added 6 days ago | 5 views

CVE-2026-57322

Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions...

CVSS: 7.1 | EPSS: 0.0018
Exploits: 0 | References: 1

Cvelist
added 6 days ago | 31 views

CVE-2026-57322 WordPress weMail plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions...

CVSS: 7.1 | EPSS: 0.0018
Exploits: 0 | References: 1

Positive Technologies
added 6 days ago | 12 views

PT-2026-52696

Name of the Vulnerable Software and Affected Versions: Apache Kerby versions prior to 2.1.2. Description: Sending a deeply nested ASN1 (Abstract Syntax Notation One, a standard interface for describing data structures) structure to a client or service can trigger a StackOverFlow Exception, resulting i...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00294
Exploits: 0 | References: 6

CVE
added 2026/06/16 8:57 p.m. | 15 views

CVE-2026-39539

Summary: CVE-2026-39539 concerns unauthenticated PHP Object Injection in the WordPress plugin/theme “Alloggio - Hotel Booking” versions ≤ 2.1.2. The affected component is the Alloggio Hotel Booking theme; the underlying issue is described as a PHP Object Injection vulnerability. The CVSS base sco...

CVSS: 8.1 | AI score: 5.3 | EPSS: 0.00308
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:40 p.m. | 8 views

CVE-2022-41656

Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.00218
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:21 p.m. | 9 views

CVE-2026-3599

The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'productdata' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on t...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00489
Exploits: 0 | References: 1

Cvelist
added 2026/05/27 3:30 p.m. | 43 views

CVE-2022-41656 WordPress Account Manager for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2...

CVSS: 4.3 | EPSS: 0.00218
Exploits: 0 | References: 1

CNNVD
added 2026/05/27 12:00 a.m. | 7 views

WordPress plugin Account Manager for WooCommerce security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00218
Exploits: 0 | References: 1

Snyk
added 2026/05/15 6:30 p.m. | 16 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...

CVSS: 8.6 | AI score: 6.3 | EPSS: 0.00381
Exploits: 0 | References: 2

Cvelist
added 2026/05/15 3:27 p.m. | 46 views

CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

EPSS: 0.00381
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/14 12:00 a.m. | 17 views

PT-2026-40895

Name of the Vulnerable Software and Affected Versions: CC Child Pages versions prior to 2.1.2. Description: The CC Child Pages plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Authenticated attackers with Contributor-lev...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00156
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/11 4:11 p.m. | 8 views

CVE-2026-42603

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_target privileged trigger but checks out and executes code directly from the attacker's fork, enabling...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.0025
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/05/09 4:15 a.m. | 11 views

CVE-2026-42560 auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation

auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. ...

CVSS: 9.1 | AI score: 5.7 | EPSS: 0.00417
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/09 4:15 a.m. | 7 views

CVE-2026-42560

auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. ...

CVSS: 9.1 | AI score: 5.7 | EPSS: 0.00417
Exploits: 0 | References: 5 | Affected Software: 1

RedhatCVE
added 2026/05/04 8:21 p.m. | 9 views

CVE-2026-6449

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00458
Exploits: 0 | References: 1

NVD
added 2026/05/02 8:16 a.m. | 4 views

CVE-2026-6449

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...

CVSS: 5.3 | EPSS: 0.00458
Exploits: 0 | References: 8

Vulnrichment
added 2026/05/02 7:46 a.m. | 7 views

CVE-2026-6449 Booking for Appointments and Events Calendar – Amelia <= 2.1.2 - Unauthenticated Authorization Bypass via Remote Approval Endpoint

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00458
Exploits: 0 | References: 8

CNNVD
added 2026/05/02 12:00 a.m. | 10 views

WordPress plugin Booking for Appointments and Events Calendar – Amelia authorization issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00458
Exploits: 0 | References: 1

CVE
added 2026/04/16 5:29 a.m. | 12 views

CVE-2026-3595

CVE-2026-3595 affects the Riaxe Product Customizer plugin for WordPress. All versions up to and including 2.1.2 are vulnerable due to an unauthenticated authorization bypass: the plugin registers a REST API route POST /wp-json/InkXEProductDesignerLite/customer/delete_customer without a permission...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00441
Exploits: 0 | References: 7

Patchstack
added 2026/04/16 12:34 a.m. | 6 views

WordPress Riaxe Product Customizer plugin <= 2.1.2 - Unauthenticated Arbitrary User Deletion via 'user_id' Parameter vulnerability

Unauthenticated Arbitrary User Deletion via 'user_id' Parameter vulnerability discovered by Kai Aizen in WordPress Plugin Riaxe Product Customizer versions <= 2.1.2...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00441
Exploits: 0 | References: 1 | Affected Software: 1