Lucene search
K

320 matches found

NVD
NVD
added yesterday5 views

CVE-2026-57815

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue affects Forminator: from n/a through = 1.55.0.2...

7.5CVSS0.00503EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday5 views

CVE-2026-57406 WordPress FundEngine plugin <= 1.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor FundEngine wp-fundraising-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FundEngine: from n/a through = 1.7.6...

6.5CVSS0.00332EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday11 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS7AI score0.00567EPSS
Exploits1References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43148

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook...

8.1CVSS6.1AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43121

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS6.1AI score0.00249EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/01 5:42 p.m.37 views

CVE-2026-57737 WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16...

6.5CVSS0.00139EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:56 p.m.6 views

CVE-2026-57721

Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline: from n/a through 2.6.7.6...

5.3CVSS5.8AI score0.00184EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.37 views

CVE-2026-12399 Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter

The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS0.00246EPSS
Exploits0References12
CVE
CVE
added 2026/06/17 9:50 a.m.11 views

CVE-2025-58952

CVE-2025-58952 : Unauthenticated Local File Inclusion in WordPress Neuronet theme prior to 1.14.0. Affected: Neuronet

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/16 11:34 p.m.5 views

NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

7.7CVSS5.8AI score0.00353EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.12 views

CVE-2026-5742

The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...

6.4CVSS5.6AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 9:47 a.m.17 views

CVE-2025-53345

CVE-2025-53345: A Missing Authorization flaw in ThimPress Thim Core (WordPress plugin) allows arbitrary code execution when a malicious vulnerable plugin is installed, affecting Thim Core up to version 2.3.3. CVSS v3.1 metrics indicate Network attack vector, Low attack complexity, Privileges Requ...

8.8CVSS6.2AI score0.00302EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 7:48 a.m.10 views

CVE-2026-9599 Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

WordPress plugin Spin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.3AI score0.00337EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

WordPress plugin Racquet 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.4AI score0.00327EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 6:46 a.m.10 views

CVE-2026-2030

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcacarousel and lvcapostscarousel shortcode attributes in all versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. Specifically,...

6.4CVSS6AI score0.00235EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.11 views

CVE-2026-8703 Endless Scroll <= 1.0.0 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]

The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 4:28 a.m.11 views

EUVD-2025-209950

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

4.3CVSS5.7AI score0.00288EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

WordPress plugin KiviCare 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.2CVSS5.8AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin GenerateBlocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References1
Rows per page
Query Builder