Lucene search
K

83717 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 1:28 a.m.9 views

CVE-2026-9125 The Ultimate Video Player For WordPress <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link_url' Shortcode Attribute

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...

6.4CVSS5.6AI score0.00239EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/12 1:28 a.m.12 views

EUVD-2026-36372

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.21 views

PT-2026-48818

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link url' parameter of the presto player overlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48832

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed for...

5.2AI score0.00145EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 9:7 p.m.8 views

CVE-2026-42653 WordPress SliceWP plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in iova.Mihai SliceWP allows Stored XSS. This issue affects SliceWP: from n/a through 1.2.6...

7.1CVSS5.2AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 9:4 p.m.26 views

CVE-2026-42647 WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7...

9.3CVSS0.01323EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/11 9:2 p.m.28 views

CVE-2026-49060 WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4...

9.8CVSS0.00514EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 9:2 p.m.10 views

CVE-2026-49060 WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4...

9.8CVSS5.2AI score0.00514EPSS
Exploits1References1
CVE
CVE
added 2026/06/11 9:2 p.m.54 views

CVE-2026-49060

The CVE-2026-49060 entry concerns the WordPress plugin Hippoo Mobile App for WooCommerce. Affected: Hippoo Mobile App for WooCommerce plugin versions up to 1.9.4. Issue: Incorrect Privilege Assignment leading to Privilege Escalation. Impact: high risk across confidentiality, integrity, and availa...

9.8CVSS5.4AI score0.00514EPSS
In wildExploits1References1
NVD
NVD
added 2026/06/11 6:16 p.m.11 views

CVE-2026-46698

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wpajaxnoprivftfgetsiteinfo includes/SiteInfo.php that verified a nonce ftf-fediverse-embeds-nonce and then called filegethtml$siteurl on the...

5.3CVSS0.00229EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 6:16 p.m.9 views

CVE-2026-46697

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/media-proxy includes/MediaProxy.php with permissioncallback = returntrue that accepted a base64-encoded URL and forwarded it to wpremoteget$url without...

7.5CVSS0.00234EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 5:16 p.m.24 views

CVE-2026-46697 Fediverse Embeds: Unauthenticated SSRF / open proxy via REST media-proxy endpoint

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/media-proxy includes/MediaProxy.php with permissioncallback = returntrue that accepted a base64-encoded URL and forwarded it to wpremoteget$url without...

7.5CVSS0.00234EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 5:16 p.m.8 views

CVE-2026-46697 Fediverse Embeds: Unauthenticated SSRF / open proxy via REST media-proxy endpoint

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/media-proxy includes/MediaProxy.php with permissioncallback = returntrue that accepted a base64-encoded URL and forwarded it to wpremoteget$url without...

7.5CVSS5.4AI score0.00234EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 5:15 p.m.15 views

CVE-2026-46698

Fediverse Embeds (WordPress plugin) prior to 1.5.9 registered an unauthenticated AJAX action, wp_ajax_nopriv_ftf_get_site_info, which validated a nonce ftf-fediverse-embeds-nonce and then performed file_get_html($site_url) on an attacker-supplied URL. The same nonce was enqueued on every public p...

5.3CVSS5.4AI score0.00229EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/11 2:19 p.m.95 views

Exploit for CVE-2026-10795

CVE-2026-10795 UpdraftPlus Auto-Exploit & Mass Scanner Au...

8.1CVSS5.5AI score0.03578EPSS
Exploits3
NVD
NVD
added 2026/06/11 12:16 p.m.12 views

CVE-2023-32959

Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...

4.3CVSS0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 10:46 a.m.23 views

CVE-2023-25969

CVE-2023-25969 is aBroken Access Control issue reported across multiple WordPress plugins with unauthenticated access. Connected advisories show: Lead Form Elementor Builder: vulnerable &lt;= 1.8.4; fixed in 1.8.5 TH Side Cart and Menu Cart for WooCommerce: vulnerable &lt;= 1.1.1; fixed in 1.1.2 ...

5.4CVSS7.8AI score0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 10:43 a.m.7 views

CVE-2022-47150 WordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...

4.3CVSS5.4AI score0.00113EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 10:41 a.m.27 views

CVE-2022-45813 WordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRF

Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...

5.4CVSS0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 10:41 a.m.9 views

CVE-2022-45813 WordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRF

Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...

5.4CVSS5.4AI score0.00227EPSS
Exploits0References1
Rows per page
Query Builder