7 matches found

Cvelist
added 2026/05/27 1:26 a.m., 28 views

CVE-2026-6565 Style Kits – Advanced Theme Styles for Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Kit Title

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...

CVSS 6.4 | EPSS 0.00032
Exploits: 0 | References: 2

EUVD
added 2026/03/21 6:30 a.m., 0 views

EUVD-2026-14012

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...

CVSS 6.5 | AI score 5.8 | EPSS 0.00087
Exploits: 0 | References: 4

The Hacker News
added 2026/01/16 5:59 p.m., 5 views

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

The JavaScript aka JScript malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. "The actor creates a malformed archive as an anti-analysis technique," Expel security...

AI score 6.8
Exploits: 0

Positive Technologies
added 2026/01/14 12:0 a.m., 3 views

PT-2026-2832

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...

CVSS 5.3 | AI score 6 | EPSS 0.00063
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/30 4:27 a.m., 2 views

CVE-2025-7038 LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function

The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the stepsloadstep route of the latepointroutecall AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and relate...

CVSS 8.2 | AI score 5.5 | EPSS 0.00443
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/22 11:35 p.m., 2 views

CVE-2022-2034

The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoints, allowing unauthenticated users to access private messages sent to teachers...

CVSS 5.3 | AI score 6.8 | EPSS 0.33749
Exploits: 2 | References: 1

Positive Technologies
added 2021/08/19 12:0 a.m., 3 views

PT-2021-21730

Name of the Vulnerable Software and Affected Versions: WP Cerber versions prior to 8.9.3
Description: The issue allows bypass of /wp-json access control via a trailing ? character.
Recommendations: For versions prior to 8.9.3, update to version 8.9.3 or later to resolve the issue. As a temporary...

CVSS 5.3 | AI score 6.8 | EPSS 0.05679
Exploits: 1 | References: 6