Lucene search
K

127 matches found

Patchstack
Patchstack
added 2 days ago9 views

WordPress Export User Data plugin <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability

Authenticated Subscriber+ PHP Object Injection to Arbitrary File Deletion vulnerability discovered by Webbernaut in WordPress Plugin Export User Data versions = 2.2.6...

8CVSS5.8AI score0.00341EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-40260

The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...

8CVSS6.5AI score0.00341EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-39989

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

3.1CVSS5.1AI score0.00228EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/15 6:36 p.m.12 views

EUVD-2021-34817

Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and...

8.8CVSS6.6AI score0.0071EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

WordPress plugin Testimonial Slider and Showcase 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:31 a.m.4 views

EUVD-2026-20044

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS5.8AI score0.00545EPSS
Exploits0References7
NVD
NVD
added 2026/04/08 5:16 a.m.8 views

CVE-2026-4299

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS0.00545EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/08 3:36 a.m.2 views

CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS5.7AI score0.00545EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 5:4 p.m.6 views

CVE-2026-25344

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through = 2.2.6...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15657

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through = 2.2.6...

5.8AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.4 views

CVE-2026-25344

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through = 2.2.6...

6.5CVSS0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 6:30 a.m.5 views

EUVD-2026-9651

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through = 2.2.6...

5.9AI score0.00241EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/05 5:54 a.m.2 views

CVE-2026-27541 WordPress Wholesale Suite plugin <= 2.2.6 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through = 2.2.6...

5.8AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.5 views

PT-2026-23272

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through = 2.2.6...

5.9AI score0.00241EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/16 7:9 p.m.6 views

CVE-2021-47834 Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...

6.4CVSS5.8AI score0.00248EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.7 views

Schlix CMS cross-site scripting vulnerability

Schlix CMS is a set of open-source content management systems developed by Schlix company, based on PHP and MySQL. The Schlix CMS 2.2.6-6 version has a cross-site scripting vulnerability. This vulnerability stems from the storage-based cross-site scripting in category titles, which may lead to th...

6.4CVSS5.8AI score0.00248EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 8 : cups-2.2.6-63.el8_10 (AXSA:2025-10849:06)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10849:06 advisory. cups: Authentication Bypass in CUPS Authorization Handling CVE-2025-58060 Tenable has extracted the preceding description block directly from the MiracleLin...

8CVSS7.9AI score0.00964EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:32 a.m.12 views

CVE-2023-25474

Cross-Site Request Forgery CSRF vulnerability in Csaba Kissi About Me 3000 widget plugin = 2.2.6 versions...

8.8CVSS7AI score0.00256EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.10 views

WordPress WP Job Portal plugin <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion vulnerability

Insecure Direct Object Reference to Authenticated Employer+ Arbitrary Job Deletion vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.6...

4.3CVSS5.4AI score0.00342EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-202096

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS.This issue affects Donation Thermometer: from n/a through = 2.2.6...

5.5AI score0.00161EPSS
Exploits0References2
Rows per page
Query Builder