Lucene search
K

83717 matches found

Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.13 views

PT-2026-49080

Name of the Vulnerable Software and Affected Versions Store Locator WordPress plugin versions prior to 1.6.9 Description Insufficient validation of a parameter used in a file path allows high-privileged users, such as administrators, to read arbitrary .php files from the server. This can lead to...

3.4CVSS5.5AI score0.00248EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.13 views

PT-2026-49082

Name of the Vulnerable Software and Affected Versions FooGallery versions prior to 3.1.32 Description The FooGallery plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the foogallery sanitize javascript function uses an incomplete blacklist for JavaScript event...

6.4CVSS5.5AI score0.00203EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.13 views

PT-2026-49072

Name of the Vulnerable Software and Affected Versions LWS Optimize – All-in-One Speed Booster & Cache Tools versions prior to 3.3.20 Description The plugin is subject to an arbitrary file read issue. This occurs because the combine current css function trusts values harvested from page HTML and...

4.9CVSS5.4AI score0.00336EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.20 views

PT-2026-49090

Name of the Vulnerable Software and Affected Versions Meow Gallery versions prior to 5.4.5 Description The Meow Gallery plugin for WordPress allows unauthorized modification of data because of a missing capability check on the REST API endpoint "/wp-json/meow-gallery/v1/save shortcode"...

4.3CVSS5.3AI score0.00214EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.13 views

PT-2026-49079

Name of the Vulnerable Software and Affected Versions Store Locator WordPress plugin versions prior to 1.6.9 Description Insufficient sanitization and escaping of store logo metadata before it is stored and displayed on the admin page allows high-privileged users, such as administrators, to execu...

3.5CVSS5.4AI score0.00145EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.16 views

PT-2026-49091

Name of the Vulnerable Software and Affected Versions Bookly versions prior to 27.3 Description The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping...

7.2CVSS5.5AI score0.00312EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.18 views

PT-2026-49087

Name of the Vulnerable Software and Affected Versions Canvas plugin for WordPress versions prior to 2.5.3 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.12 views

PT-2026-49081

Name of the Vulnerable Software and Affected Versions GPTranslate – Multilingual AI Translation for WordPress versions prior to 2.32 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting. Attackers can retrieve a...

7.2CVSS5.6AI score0.00316EPSS
Exploits0References18
Vulnrichment
Vulnrichment
added 2026/06/12 8:46 p.m.10 views

CVE-2026-24618 WordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4...

4.3CVSS5.2AI score0.00175EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/12 7:6 p.m.5 views

WordPress Page Builder: Pagelayer – Drag and Drop website builder plugin <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin PageLayer versions = 2.0.9...

6.4CVSS5.2AI score0.00155EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/12 6:3 p.m.6 views

WordPress Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel plugin <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin FooGallery versions = 3.1.31...

6.4CVSS5.2AI score0.00203EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/12 2:6 p.m.5 views

WordPress LWS Optimize – All-in-One Speed Booster & Cache Tools plugin <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read vulnerability

Authenticated Editor+ Arbitrary File Read vulnerability discovered by Omar Elshopky in WordPress Plugin LWS Optimize versions = 3.3.19...

4.9CVSS5.2AI score0.00336EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/12 8:31 a.m.9 views

WordPress Fediverse Embeds plugin <= 1.5.7 - Unauthenticated SSRF vulnerability

Unauthenticated SSRF vulnerability discovered by 0xBassia in WordPress Plugin Fediverse Embeds versions = 1.5.7...

7.5CVSS5.2AI score0.00234EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/06/12 8:9 a.m.69 views

Exploit for CVE-2026-8809

CVE-2026-8809 Advanced Custom Fields: Extended = 0.9.2.5 -...

9.8CVSS5.6AI score0.008EPSS
Exploits1
NVD
NVD
added 2026/06/12 7:16 a.m.14 views

CVE-2026-9269

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...

3.5CVSS0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 6:0 a.m.29 views

CVE-2026-9269 Secure Copy Content Protection and Content Locking < 5.1.5 - Admin+ Stored XSS via ays_sccp_sub_icon_image Parameter

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...

0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 6:0 a.m.7 views

EUVD-2026-36387

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...

3.5CVSS5.2AI score0.00145EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 6:0 a.m.7 views

CVE-2026-9269 Secure Copy Content Protection and Content Locking < 5.1.5 - Admin+ Stored XSS via ays_sccp_sub_icon_image Parameter

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...

5.2AI score0.00145EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 6:0 a.m.64 views

CVE-2026-9269

The CVE pertains to the WordPress plugin “Secure Copy Content Protection and Content Locking” prior to version 5.1.5, which fails to sanitize and escape certain settings. This enables Stored XSS for high-privilege users (e.g., admin), even when unfiltered_html is disallowed (such as in multisite ...

3.5CVSS5.2AI score0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 2:16 a.m.10 views

CVE-2026-9125

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...

6.4CVSS0.00239EPSS
Exploits0References10
Rows per page
Query Builder