Lucene search
K

83678 matches found

CVE
CVE
added 2026/06/15 8:17 p.m.13 views

CVE-2026-39434

CVE-2026-39434 affects WordPress CTX Feed plugin (WebAppick CTX Feed) versions

7.2CVSS5.3AI score0.00446EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.12 views

CVE-2026-34901

CVE-2026-34901 affects WordPress iControlWP plugin,

9.8CVSS5.2AI score0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.23 views

CVE-2026-34898 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...

7.5CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.10 views

CVE-2026-34886

The CVE-2026-34886 entry affects WordPress WordPress Simple Membership plugin versions

7.5CVSS5.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.24 views

CVE-2026-27089 WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in WpTravelly = 2.1.7 versions...

7.5CVSS0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.23 views

CVE-2026-24637 WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability

Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...

8.5CVSS0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.20 views

CVE-2026-23970

The CVE covers WordPress plugin Redirection for Contact Form 7 (versions

7.1CVSS5.1AI score0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.31 views

CVE-2026-9691 WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...

9.8CVSS0.00476EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.25 views

CVE-2025-69332 WordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in Bookify = 1.1.1 versions...

6.5CVSS0.00326EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.12 views

CVE-2025-68872

CVE-2025-68872 is a reflected XSS vulnerability in the WordPress plugin “Eli's WordCents adSense Widget with Analytics” (versions

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.24 views

CVE-2025-68872 WordPress Eli's WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Elis WordCents adSense Widget with Analytics = 1.3.03.27 versions...

7.1CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.24 views

CVE-2025-68851 WordPress Okay Toolkit plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...

7.1CVSS0.00186EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:17 p.m.5 views

CVE-2025-68840 WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.14 views

CVE-2025-68049

CVE-2025-68049 affects the WordPress bunny.net plugin, version up to 2.3.6, with a Broken Access Control flaw. The CVSS 3.1 base metrics indicate Low impact to confidentiality, integrity, and availability, and a network attack vector with low privileges required and no user interaction. The provi...

6.3CVSS5.1AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.9 views

CVE-2018-25436

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the uplo...

9.8CVSS0.00661EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 2:16 p.m.11 views

CVE-2016-20082

WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtestadmin.php with malicious action values to include files from the admin directory an...

6.9CVSS0.00326EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 2:16 p.m.12 views

CVE-2016-20077

WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoin...

6.9CVSS0.00374EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 2:16 p.m.11 views

CVE-2016-20081

WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...

8.7CVSS0.00641EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 2:16 p.m.10 views

CVE-2016-20074

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

5.3CVSS0.00106EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 2:16 p.m.11 views

CVE-2016-20071

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8CVSS0.00302EPSS
Exploits0References3
Rows per page
Query Builder