Lucene search
K

3369 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.37 views

CVE-2025-1326

The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homeyreservationdel function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete...

4.3CVSS6.6AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.7 views

CVE-2025-1672

The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5CVSS5.6AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:15 a.m.8 views

CVE-2024-2324

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...

5.4CVSS5.9AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.10 views

CVE-2024-2137

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets e.g. Pricing Single, Pricing Icon, Pricing Tab in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. Thi...

6.4CVSS6.1AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.20 views

CVE-2024-2456

The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00353EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.7 views

CVE-2024-2618

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.30 views

CVE-2024-2340

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with ...

5.3CVSS6.7AI score0.27997EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.7 views

CVE-2024-2974

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the loadmore function. This can allow unauthenticated attackers to extract sensitiv...

5.3CVSS6.8AI score0.00496EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.9 views

CVE-2024-2183

The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.5AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.7 views

CVE-2024-2750

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.9AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.7 views

CVE-2024-2844

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...

4.3CVSS6.8AI score0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.6 views

CVE-2024-2187

The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonials widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:11 a.m.25 views

CVE-2025-1304

The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsbloggerinstallandactivateplugin function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS7.6AI score0.00996EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:9 a.m.10 views

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

7.5CVSS6.8AI score0.00494EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:9 a.m.11 views

CVE-2024-2771

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes ...

9.8CVSS6.9AI score0.02333EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/07 8:21 a.m.28 views

CVE-2025-12030 ACF to REST API <= 3.3.4 - Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification

The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the updateitempermissionscheck method, which only verifies that the current user has the editposts capability...

4.3CVSS0.00289EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2026/01/06 9:17 p.m.157 views

Exploit for CVE-2025-12030

CVE-2025-12030: Insecure Direct Object Reference in ACF to RES...

6.1AI score0.00289EPSS
Exploits1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress SecuPress Free - WordPress Security plugin <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode vulnerability

WordPress SecuPress Free - WordPress Security plugin = 2.2.5.3 - Authenticated Contributor+ Stored Cross-Site Scripting via secupresscheckbanipsform Shortcode vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin SecuPress Free versions = 2.2.5.3...

6.4CVSS5.4AI score0.00193EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.3 views

WordPress plugin LearnPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.5CVSS6.5AI score0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.1 views

WordPress plugin Plan My Day 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

8.1CVSS6.7AI score0.00445EPSS
Exploits0References1
Rows per page
Query Builder