Lucene search
K

12143 matches found

CVE
CVE
added 2026/06/15 8:19 p.m.25 views

CVE-2026-49061

CVE-2026-49061 : Unauthenticated arbitrary file download in the WordPress plugin WPC Product Options for WooCommerce (versions

7.5CVSS5.2AI score0.00362EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.37 views

CVE-2026-40792 WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References IDOR in KiviCare = 4.2.1 versions...

6.3CVSS0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.24 views

CVE-2026-39465 WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE) vulnerability

Editor Remote Code Execution RCE in Responsive Slider by MetaSlider = 3.106.0 versions...

9.1CVSS0.0068EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/15 5:27 p.m.11 views

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties vulnerability discovered by ? in WordPress Npm protobufjs-cli versions = 1.3.2...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/15 5:17 p.m.6 views

NPM: vite: `server.fs.deny` bypass on Windows alternate paths

NPM: vite: server.fs.deny bypass on Windows alternate paths vulnerability discovered by ? in WordPress Npm vite versions = 6.4.2...

8.2CVSS5.8AI score0.00393EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2026/06/15 5:15 p.m.6 views

NPM: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases

NPM: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases vulnerability discovered by ? in WordPress Npm js-yaml versions = 4.1.1...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.8 views

CVE-2018-25437 WordPress CherryFramework Themes 3.1.4 Backup File Download

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the downloadbackup.php endpoint. Attackers can directly access the downloadbackup.php script in the admin/datamanagement...

8.7CVSS5.2AI score0.00287EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 12:0 p.m.33 views

CVE-2016-20083 WordPress More Fields Plugin 2.1 Cross-Site Request Forgery

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...

6.9CVSS0.00138EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 6:0 a.m.40 views

CVE-2026-9278 Form Builder CP < 1.2.47 - Editor+ Stored XSS via form_structure

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

0.00159EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.10 views

PT-2026-49107

Name of the Vulnerable Software and Affected Versions WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions prior to 1.1.5 Description An unauthenticated PHP Object Injection issue exists in the plugin. PHP Object Injection occurs when user-supplied input is...

9.8CVSS5.8AI score0.00476EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.16 views

PT-2026-49141

Name of the Vulnerable Software and Affected Versions LatePoint versions prior to 5.5.2 Description A privilege escalation issue exists where users with Contributor roles can gain higher privileges. Recommendations Update to version 5.5.2 or later...

7.5CVSS5.2AI score0.00287EPSS
Exploits2References3
GithubExploit
GithubExploit
added 2026/06/13 1:43 p.m.99 views

Exploit for CVE-2026-1555

CVE-2026-1555: Unauthenticated Arbitrary File Upload in WebSta...

9.8CVSS5.3AI score0.00984EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/06/13 11:45 a.m.83 views

Exploit for CVE-2026-48907

CVE-2026-48907 Description هذا الملف CVE-2025-9209.py هو أداة...

10CVSS5.3AI score0.80425EPSS
Exploits23
NVD
NVD
added 2026/06/13 7:16 a.m.13 views

CVE-2026-9134

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributekey' shortcode parameter in versions up to, and including, 3.1.31 This is due to an incomplete JavaScript event handler blacklist in the foogallerysanitizejavascript function, which blocks onl...

6.4CVSS0.00203EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.12 views

WordPress plugin Soledad 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.4CVSS5.5AI score0.00177EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/10 6:30 p.m.89 views

Exploit for CVE-2026-9067

POC & Xploit - Proof of Concept Directory Dokumentasi dan exp...

9.1CVSS5.8AI score0.00426EPSS
Exploits1
EUVD
EUVD
added 2026/06/10 8:28 a.m.14 views

EUVD-2025-210104

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreatprocessregistration function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers ...

9.8CVSS5.5AI score0.00494EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/10 6:0 a.m.9 views

CVE-2026-9060 Agile Store Locator < 1.6.6 - Admin+ Stored XSS via map_style

The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

WordPress plugin Schema and Structured Data for WP and AMP 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.1CVSS5.5AI score0.00426EPSS
Exploits1References2
CVE
CVE
added 2026/06/09 3:41 a.m.18 views

CVE-2026-8909

WpMobi WordPress plugin (versions ≤ 0.0.3) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in handleSaveGeneralSettings. This allows unauthenticated attackers to modify General Settings and inject scripts into an administrator’s browser via unescaped app_name...

4.3CVSS5.5AI score0.00128EPSS
Exploits0References4
Rows per page
Query Builder