
14 matches found

Nuclei
added 10 hours ago · 17 views

MStore API <= 3.9.1 - Authentication Bypass

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...

CVSS 9.8 · AI score 7.2 · EPSS 0.03805
Exploits 0 · References 3

Patchstack
added 2026/06/26 12:30 p.m. · 5 views

WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin WP Post Author versions <= 3.9.1...

CVSS 8.5 · AI score 5.8 · EPSS 0.00211
Exploits 0 · Affected Software 1

NVD
added 2026/06/17 1:20 p.m. · 7 views

CVE-2026-24611

Unauthenticated Broken Access Control in MetForm Pro = 3.9.1 versions...

CVSS 9.1 · EPSS 0.00437
Exploits 0 · References 1

CNNVD
added 2026/05/26 12:0 a.m. · 9 views

JeecgBoot access control error vulnerability

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain an access control vulnerability. This vulnerability stems from improper handling of the LoginController.selectDepart function in the sys/...

CVSS 7.5 · AI score 7.1 · EPSS 0.00291
Exploits 0 · References 7

CNNVD
added 2026/04/28 12:0 a.m. · 8 views

JeecgBoot injection vulnerability

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contained an injection vulnerability. This vulnerability stemmed from the parameter keyword in the SqlInjectionUtil function of the component.loadDi...

CVSS 6.5 · AI score 6.7 · EPSS 0.00204
Exploits 0 · References 1

CNNVD
added 2026/04/20 12:0 a.m. · 10 views

WordPress plugin Image Source Control Lite – Show Image Credits and Captions security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4 · AI score 5.9 · EPSS 0.00155
Exploits 0 · References 1

CNNVD
added 2026/02/19 12:0 a.m. · 7 views

WordPress plugin Smartsupp – live chat, AI shopping assistant and chatbots cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4 · AI score 5.7 · EPSS 0.00266
Exploits 0 · References 6

RedhatCVE
added 2025/09/27 8:44 a.m. · 9 views

CVE-2025-60040

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fkrauthan wp-mpdf wp-mpdf allows Stored XSS. This issue affects wp-mpdf: from n/a through <= 3.9.1...

CVSS 6.5 · AI score 5.9 · EPSS 0.00196
Exploits 0 · References 1

CVE
added 2025/09/26 8:31 a.m. · 16 views

CVE-2025-60040

CVE-2025-60040 is a Stored XSS in the WordPress plugin wp-mpdf. Affected software: wp-mpdf up to version 3.9.1 (authentication required). The issue arises from improper input neutralization during web page generation, enabling stored malicious script execution in the context of vulnerable sites. ...

CVSS 6.5 · AI score 5.9 · EPSS 0.00196
Exploits 0 · References 1

Positive Technologies
added 2024/09/20 12:0 a.m. · 5 views

PT-2024-31909 · Unknown · Gdidees Cms

Name of the Vulnerable Software and Affected Versions: GDidees CMS versions 3.9.1 and earlier Description: A file upload vulnerability exists in the software. This issue allows for malicious file uploads, potentially leading to security breaches. Recommendations: For versions 3.9.1 and earlier,...

CVSS 9.8 · AI score 7.3 · EPSS 0.00456
Exploits 0 · References 7

Patchstack
added 2024/05/23 10:19 a.m. · 2 views

WordPress WP Ultimate Post Grid plugin <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Ultimate Post Grid versions <= 3.9.1...

CVSS 6.4 · AI score 5.7 · EPSS 0.00342
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/06/03 12:0 a.m. · 11 views

WordPress plugin Event Registration Calendar By vcita cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 6.5 · AI score 7.4 · EPSS 0.00419
Exploits 2 · References 5

OSV
added 2022/10/18 3:15 p.m. · 2 views

CVE-2022-33874

An improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the...

CVSS 9.8 · AI score 6
Exploits 0 · References 1

vulnersOsv
added 2022/05/13 1:7 a.m. · 7 views

org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.7.0 <=3.9.1), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.7.0 <=3.9.1) +1 more potentially affected by CVE-2017-8032 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.7.0 <=3.9.1)

org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.7.0, =3.7.0, =3.7.0, =3.7.0, =3.9.1 Source cves: CVE-2017-8032 Source advisory: OSV:GHSA-9FRW-WMVQ-5RRC...

CVSS 6.6 · AI score 6.6 · EPSS 0.00879
Exploits 0