Lucene search
K

83717 matches found

Vulnrichment
Vulnrichment
added 2026/06/11 9:50 a.m.8 views

CVE-2022-44630 WordPress YITH WooCommerce Product Slider Carousel plugin <= 1.16.0 - Cross-Site Request Forgery (CSRF)

Cross-Site request forgery CSRF vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0...

4.6CVSS5.4AI score0.00144EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/11 9:0 a.m.11 views

WordPress Schema & Structured Data for WP & AMP plugin < 1.60 - Unauthenticated Arbitrary Media Upload vulnerability

Unauthenticated Arbitrary Media Upload vulnerability discovered by 0xBassia in WordPress Plugin Schema & Structured Data for WP & AMP versions 1.60...

9.1CVSS5.4AI score0.00426EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.11 views

CVE-2026-8071

The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user...

8.8CVSS5.7AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.13 views

CVE-2026-9067

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

9.1CVSS5.5AI score0.00426EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.9 views

CVE-2026-9019

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachmenturl' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.6AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.7 views

CVE-2026-8853

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

4.4CVSS5.7AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.9 views

CVE-2026-8613

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.10 views

CVE-2025-8444

The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. Th...

6.4CVSS5.7AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.9 views

CVE-2025-6254

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreatprocessregistration function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers ...

9.8CVSS5.5AI score0.00494EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/06/11 8:30 a.m.9 views

WordPress Spam protection, Honeypot, Anti-Spam by CleanTalk plugin < 6.79 - Unauthenticated Stored XSS via Comment Shortcode Bypass vulnerability

Unauthenticated Stored XSS via Comment Shortcode Bypass vulnerability discovered by Matthew Rollings in WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk versions 6.79...

8.8CVSS5.4AI score0.00296EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/11 7:16 a.m.19 views

CVE-2026-10795

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlusRemoteCommunicationsV2::wploaded function. This is due to insufficient validation of the remote communications message format,...

8.1CVSS0.03578EPSS
Exploits3References4
Cvelist
Cvelist
added 2026/06/11 7:11 a.m.29 views

CVE-2023-40200 WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6 - Broken Access Control vulnerability

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS0.00188EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 7:11 a.m.33 views

CVE-2023-40200

CVE-2023-40200 affects the WordPress plugin WP Logo Showcase Responsive Slider and Carousel (versions

5.3CVSS7.7AI score0.00188EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 7:3 a.m.8 views

CVE-2023-33999 WordPress WP Mail Log plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2...

7.1CVSS7.8AI score0.00284EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/11 6:55 a.m.58 views

Exploit for CVE-2026-7458

🧨 CVE-2026-7458 – PickPlugins User Verification OTP Bypass Un...

9.8CVSS5.5AI score0.00578EPSS
Exploits3
EUVD
EUVD
added 2026/06/11 5:34 a.m.13 views

EUVD-2026-36215

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlusRemoteCommunicationsV2::wploaded function. This is due to insufficient validation of the remote communications message format,...

8.1CVSS6.1AI score0.03578EPSS
Exploits3References4
Cvelist
Cvelist
added 2026/06/11 5:34 a.m.32 views

CVE-2026-10795 UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlusRemoteCommunicationsV2::wploaded function. This is due to insufficient validation of the remote communications message format,...

8.1CVSS0.03578EPSS
Exploits3References4
NVD
NVD
added 2026/06/11 2:16 a.m.8 views

CVE-2026-2827

The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oumlocationnotification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

4.7CVSS0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 1:27 a.m.28 views

CVE-2026-2827 Open User Map PRO <= 1.4.31 - Unauthenticated Stored Cross-Site Scripting via 'oum_location_notification'

The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oumlocationnotification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

4.7CVSS0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 1:27 a.m.8 views

CVE-2026-2827 Open User Map PRO <= 1.4.31 - Unauthenticated Stored Cross-Site Scripting via 'oum_location_notification'

The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oumlocationnotification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

4.7CVSS5.7AI score0.00188EPSS
Exploits0References2
Rows per page
Query Builder