
83780 matches found

Vulnrichment
added 2026/06/13 2:29 a.m. | 7 views

CVE-2026-12089 WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read

The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combine_current_css function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...

CVSS 4.9 | AI score 5.5 | EPSS 0.00336
Exploits: 0 | References: 3

EUVD
added 2026/06/13 2:29 a.m. | 13 views

EUVD-2026-36635

The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combine_current_css function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...

CVSS 4.9 | AI score 5.5 | EPSS 0.00336
Exploits: 0 | References: 3

Cvelist
added 2026/06/13 2:29 a.m. | 34 views

CVE-2026-12089 WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read

The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combine_current_css function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...

CVSS 4.9 | EPSS 0.00336
Exploits: 0 | References: 3

CVE
added 2026/06/13 2:29 a.m. | 24 views

CVE-2026-12089

The vulnerability CVE-2026-12089 affects the WordPress plugin “LWS Optimize – All-in-One Speed Booster & Cache Tools” up to version 3.3.19. The root cause is in the combine_current_css() function, which trusts href values harvested from page HTML and converts same-site URLs to absolute filesyste...

CVSS 4.9 | AI score 5.5 | EPSS 0.00336
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/13 12:0 a.m. | 13 views

PT-2026-49080

Name of the Vulnerable Software and Affected Versions: Store Locator WordPress plugin versions prior to 1.6.9
Description: Insufficient validation of a parameter used in a file path allows high-privileged users, such as administrators, to read arbitrary .php files from the server. This can lead to...

CVSS 3.4 | AI score 5.5 | EPSS 0.00248
Exploits: 0 | References: 6

Positive Technologies
added 2026/06/13 12:0 a.m. | 13 views

PT-2026-49082

Name of the Vulnerable Software and Affected Versions: FooGallery versions prior to 3.1.32
Description: The FooGallery plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the foogallery sanitize javascript function uses an incomplete blacklist for JavaScript event...

CVSS 6.4 | AI score 5.5 | EPSS 0.00203
Exploits: 0 | References: 11

Positive Technologies
added 2026/06/13 12:0 a.m. | 13 views

PT-2026-49072

Name of the Vulnerable Software and Affected Versions: LWS Optimize – All-in-One Speed Booster & Cache Tools versions prior to 3.3.20
Description: The plugin is subject to an arbitrary file read issue. This occurs because the combine_current_css function trusts values harvested from page HTML and...

CVSS 4.9 | AI score 5.4 | EPSS 0.00336
Exploits: 0 | References: 6

Positive Technologies
added 2026/06/13 12:0 a.m. | 20 views

PT-2026-49090

Name of the Vulnerable Software and Affected Versions: Meow Gallery versions prior to 5.4.5
Description: The Meow Gallery plugin for WordPress allows unauthorized modification of data because of a missing capability check on the REST API endpoint "/wp-json/meow-gallery/v1/save shortcode"...

CVSS 4.3 | AI score 5.3 | EPSS 0.00214
Exploits: 0 | References: 11

Positive Technologies
added 2026/06/13 12:0 a.m. | 16 views

PT-2026-49091

Name of the Vulnerable Software and Affected Versions: Bookly versions prior to 27.3
Description: The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping...

CVSS 7.2 | AI score 5.5 | EPSS 0.00312
Exploits: 1 | References: 9

Positive Technologies
added 2026/06/13 12:0 a.m. | 18 views

PT-2026-49087

Name of the Vulnerable Software and Affected Versions: Canvas plugin for WordPress versions prior to 2.5.3
Description: Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary...

CVSS 6.4 | AI score 5.5 | EPSS 0.00199
Exploits: 0 | References: 12

Positive Technologies
added 2026/06/13 12:0 a.m. | 13 views

PT-2026-49079

Name of the Vulnerable Software and Affected Versions: Store Locator WordPress plugin versions prior to 1.6.9
Description: Insufficient sanitization and escaping of store logo metadata before it is stored and displayed on the admin page allows high-privileged users, such as administrators, to execu...

CVSS 3.5 | AI score 5.4 | EPSS 0.00145
Exploits: 0 | References: 6

Positive Technologies
added 2026/06/13 12:0 a.m. | 12 views

PT-2026-49081

Name of the Vulnerable Software and Affected Versions: GPTranslate – Multilingual AI Translation for WordPress versions prior to 2.32
Description: Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting. Attackers can retrieve a...

CVSS 7.2 | AI score 5.6 | EPSS 0.00316
Exploits: 0 | References: 18

Vulnrichment
added 2026/06/12 8:46 p.m. | 10 views

CVE-2026-24618 WordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4...

CVSS 4.3 | AI score 5.2 | EPSS 0.00175
Exploits: 0 | References: 1

Patchstack
added 2026/06/12 7:6 p.m. | 5 views

WordPress Page Builder: Pagelayer – Drag and Drop website builder plugin <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin PageLayer versions <= 2.0.9...

CVSS 6.4 | AI score 5.2 | EPSS 0.00155
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/12 6:3 p.m. | 6 views

WordPress Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel plugin <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin FooGallery versions <= 3.1.31...

CVSS 6.4 | AI score 5.2 | EPSS 0.00203
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/12 2:6 p.m. | 5 views

WordPress LWS Optimize – All-in-One Speed Booster & Cache Tools plugin <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read vulnerability

Authenticated Editor+ Arbitrary File Read vulnerability discovered by Omar Elshopky in WordPress Plugin LWS Optimize versions <= 3.3.19...

CVSS 4.9 | AI score 5.2 | EPSS 0.00336
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/12 8:31 a.m. | 9 views

WordPress Fediverse Embeds plugin <= 1.5.7 - Unauthenticated SSRF vulnerability

Unauthenticated SSRF vulnerability discovered by 0xBassia in WordPress Plugin Fediverse Embeds versions <= 1.5.7...

CVSS 7.5 | AI score 5.2 | EPSS 0.00234
Exploits: 0 | References: 1 | Affected Software: 1

GithubExploit
added 2026/06/12 8:9 a.m. | 70 views

Exploit for CVE-2026-8809

CVE-2026-8809 Advanced Custom Fields: Extended = 0.9.2.5 -...

CVSS 9.8 | AI score 5.6 | EPSS 0.008
Exploits: 1

NVD
added 2026/06/12 7:16 a.m. | 14 views

CVE-2026-9269

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for...

CVSS 3.5 | EPSS 0.00145
Exploits: 0 | References: 1

Cvelist
added 2026/06/12 6:0 a.m. | 29 views

CVE-2026-9269 Secure Copy Content Protection and Content Locking < 5.1.5 - Admin+ Stored XSS via ays_sccp_sub_icon_image Parameter

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for...

EPSS 0.00145
Exploits: 0 | References: 1