Lucene search
+L

933 matches found

cve
cve
added 3 days ago10 views

CVE-2026-57815

CVE-2026-57815 documents a path traversal vulnerability in the WordPress plugin Forminator (WPMU DEV Your All-in-One WordPress Platform Forminator) affecting version range up to and including 1.55.0.2. The issue is described as Improper Limitation of a Pathname to a Restricted Directory, enabling...

7.5CVSS6.1AI score0.00335EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago29 views

CVE-2026-61968 WordPress myCred plugin <= 3.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through = 3.1.2...

5.4CVSS0.0017EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago27 views

CVE-2026-57365 WordPress reCAPTCHA (v2 & v3) for Asgaros Forum plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hitesh Chandwani reCAPTCHA v2 & v3 for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA v2 & v3 for Asgaros Forum: from n/a through = 1.1.0...

6.5CVSS0.00161EPSS
Exploits0References1
cvelist
cvelist
added 5 days ago29 views

CVE-2026-2354 Swiss Toolkit For WP <= 1.4.6 - Authenticated (Author+) Arbitrary File Upload via upload_extension_files()

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the uploadextensionfiles function in all versions up to, and including, 1.4.6. The uploadextensionfiles function hooks into WordPress's wpcheckfiletypeandext filter...

8.8CVSS0.00553EPSS
Exploits0References5
cvelist
cvelist
added 6 days ago38 views

CVE-2026-12918 Mail Mint <= 1.24.1 - Authenticated (Administrator+) SQL Injection via 'recipients' Parameter

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS0.00319EPSS
Exploits0References6
cve
cve
added 6 days ago5 views

CVE-2026-6802

The CVE-2026-6802 entry concerns the WordPress plugin Easy Upload Files During Checkout, affected up to version 3.0.1. The vulnerability stems from missing authorization checks in the ufdc_custom_init() function, which processes the eufdc-delete parameter without nonce verification, capability ch...

5.3CVSS6.2AI score0.00243EPSS
Exploits0References8
patchstack
patchstack
added 2026/07/09 1:58 p.m.5 views

WordPress AIWU plugin <= 1.5.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by VanTastic in WordPress Plugin AIWU versions = 1.5.4...

9.3CVSS6.1AI score0.0025EPSS
Exploits0Affected Software1
cve
cve
added 2026/07/09 9:31 a.m.11 views

CVE-2026-14372

The Bit Form WordPress plugin (Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder) is affected up to version 3.1.1 due to insufficient file path validation in deleteFiles, enabling authenticated users with subscriber+ to delete arbitrary server files (poten...

7.1CVSS6.7AI score0.00691EPSS
Exploits0References13
cve
cve
added 2026/07/08 4:30 a.m.15 views

CVE-2026-14482

The CVE-2026-14482 entry covers the WordPress plugin “多说社会化评论框” (

8.8CVSS6AI score0.00318EPSS
Exploits0References4
osv
osv
added 2026/07/04 8:15 p.m.4 views

CVE-2026-14651 connorskees grass visitor denial of service

A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the function grasscompiler::selector::extend/grasscompiler::evaluate::visitor. The manipulation leads to denial of service. The attack must be carried out locally. The exploit has been disclosed to the publi...

4.8CVSS5AI score0.00115EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/07/04 12:0 a.m.12 views

PT-2026-55731

Name of the Vulnerable Software and Affected Versions connorskees grass versions prior to 0.13.5 Description A local manipulation of the grass compiler::selector::extend/grass compiler::evaluate::visitor function can lead to a denial of service. This occurs because the @extend algorithm is...

4.8CVSS5.9AI score0.00115EPSS
Exploits0References10
attackerkb
attackerkb
added 2026/07/03 7:53 a.m.8 views

CVE-2026-11778

The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...

5.4CVSS6.3AI score0.00255EPSS
Exploits0References5
nvd
nvd
added 2026/07/03 6:16 a.m.6 views

CVE-2026-8892

The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00212EPSS
Exploits0References7
cvelist
cvelist
added 2026/07/02 11:15 a.m.36 views

CVE-2026-57747 WordPress Booked plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...

6.5CVSS0.00124EPSS
Exploits0References1
cve
cve
added 2026/07/02 11:15 a.m.15 views

CVE-2026-57682

The CVE-2026-57682 entry affects the WordPress plugin “Simple Link Directory” version ≤ 15.0.5, with an unauthenticated Cross Site Scripting (XSS) vulnerability. The connected records confirm the vulnerability type (XSS) and affected version, but do not provide concrete root-cause details, exploi...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-42382 WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Audrey = 1.5 versions...

8.1CVSS0.00303EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/02 8:33 a.m.37 views

CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00263EPSS
Exploits1References8
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.14 views

PT-2026-54975

Name of the Vulnerable Software and Affected Versions Pearl - Corporate Business versions prior to 3.4.11 Description An unauthenticated Local File Inclusion LFI issue exists, which allows an attacker to read files from the local file system without requiring authentication. Recommendations Updat...

8.1CVSS5.9AI score0.00282EPSS
Exploits0References4
cve
cve
added 2026/06/29 1:36 p.m.18 views

CVE-2026-57332

The CVE affects the WordPress Wallet System for WooCommerce plugin, specifically versions

7.1CVSS5.8AI score0.00256EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/29 12:0 a.m.11 views

PT-2026-53292

Name of the Vulnerable Software and Affected Versions Paid Videochat Turnkey Site versions 7.4.8 and earlier Description An issue exists that allows a performer to perform arbitrary file deletion within the system. Recommendations At the moment, there is no information about a newer version that...

9.9CVSS5.9AI score0.00344EPSS
Exploits0References4
Rows per page
Query Builder