Lucene search
K

83678 matches found

Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.6 views

CVE-2016-20075 WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

8.8CVSS6AI score0.00327EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.6 views

EUVD-2016-10887

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

8.8CVSS6AI score0.00327EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.6 views

CVE-2016-20074 WordPress Lazy Content Slider Plugin 3.4 CSRF

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

5.3CVSS5.1AI score0.00106EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 12:0 p.m.11 views

CVE-2016-20073

The Answer My Question 1.3 WordPress plugin contains an unauthenticated SQL injection in modal.php via the id POST parameter, enabling attackers to execute arbitrary SQL and extract sensitive database information (e.g., WordPress terms and configuration data). CVSS metrics are provided: CVSS v3.1...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 12:0 p.m.7 views

EUVD-2016-10885

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.7 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
CVE
CVE
added 2026/06/15 12:0 p.m.13 views

CVE-2016-20072

CVE-2016-20072 affects the BBS e-Franchise 1.1.1 WordPress plugin. The vulnerability is an SQL injection in the uid parameter used by the plugin’s shortcode, enabling unauthenticated attackers to craft requests (Union-based SQLi) to extract sensitive data (e.g., user information, taxonomy terms)....

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/15 12:0 p.m.27 views

CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...

8.8CVSS0.0027EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.6 views

CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.5 views

CVE-2016-20071 WordPress 404 Redirection Manager Plugin 1.0 SQL Injection

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8CVSS6.1AI score0.00302EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 8:16 a.m.13 views

CVE-2026-8386

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3CVSS0.00225EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 a.m.12 views

CVE-2026-8935

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

9.8CVSS0.00268EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 a.m.10 views

CVE-2026-9278

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

5.4CVSS0.00159EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 a.m.13 views

CVE-2026-8385

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title,...

5.3CVSS0.00192EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 6:0 a.m.34 views

CVE-2026-8386 WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Marker ID

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 6:0 a.m.9 views

EUVD-2026-36700

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

5.4CVSS5.2AI score0.00159EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 6:0 a.m.8 views

CVE-2026-9278 Form Builder CP < 1.2.47 - Editor+ Stored XSS via form_structure

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

5.2AI score0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 6:0 a.m.9 views

EUVD-2026-36699

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

9.8CVSS5.2AI score0.00268EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 6:0 a.m.6 views

CVE-2026-8386 WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Marker ID

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 6:0 a.m.10 views

EUVD-2026-36698

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3CVSS5.3AI score0.00225EPSS
Exploits0References1
Rows per page
Query Builder