
83780 matches found

Patchstack
added 2026/06/09 6:49 p.m., 11 views

WordPress aThemes Addons for Elementor plugin <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin aThemes Addons for Elementor versions <= 1.1.8...

CVSS 6.4 | AI score 5.4 | EPSS 0.002
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/06/09 6:48 p.m., 9 views

WordPress MW WP Form plugin <= 5.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by Sérgio Charruadas itzvenom in WordPress Plugin MW WP Form versions <= 5.1.3...

CVSS 4.4 | AI score 5.4 | EPSS 0.00201
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/06/09 6:47 p.m., 10 views

WordPress Easy Image Collage plugin <= 1.13.6 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by gnsehfvlr in WordPress Plugin Easy Image Collage versions <= 1.13.6...

CVSS 6.4 | AI score 5.4 | EPSS 0.00195
Exploits 0 | References 1 | Affected Software 1

GithubExploit
added 2026/06/09 4:24 p.m., 60 views

Exploit for CVE-2017-20251

CVE-2017-20251: Insert PHP Plugin PHP Code Injection Vulne...

CVSS 9.8 | AI score 6.3 | EPSS 0.00559
Exploits 1

RedhatCVE
added 2026/06/09 2:59 p.m., 11 views

CVE-2026-3011

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

CVSS 6.4 | AI score 5.7 | EPSS 0.00206
Exploits 0 | References 1

NVD
added 2026/06/09 1:16 p.m., 11 views

CVE-2017-20246

KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kcad' parameter in base.css.php or kittycatfish.php to extract sensiti...

CVSS 8.8 | EPSS 0.0027
Exploits 0 | References 4

NVD
added 2026/06/09 1:16 p.m., 9 views

CVE-2017-20245

Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payload...

CVSS 8.8 | EPSS 0.0027
Exploits 0 | References 5

NVD
added 2026/06/09 1:16 p.m., 15 views

CVE-2017-20244

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php...

CVSS 8.8 | EPSS 0.0027
Exploits 0 | References 5

NVD
added 2026/06/09 1:16 p.m., 9 views

CVE-2016-20064

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

CVSS 6.9 | EPSS 0.00671
Exploits 0 | References 4

NVD
added 2026/06/09 1:16 p.m., 8 views

CVE-2016-20065

Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the...

CVSS 8.8 | EPSS 0.0027
Exploits 0 | References 4

NVD
added 2026/06/09 1:16 p.m., 16 views

CVE-2017-20243

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the spaceid parameter. Attackers can send GET requests to the booking-page endpoint with...

CVSS 8.8 | EPSS 0.00262
Exploits 0 | References 3

NVD
added 2026/06/09 1:16 p.m., 10 views

CVE-2016-20062

Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' actio...

CVSS 8.8 | EPSS 0.0027
Exploits 0 | References 4

Patchstack
added 2026/06/09 12:25 p.m., 10 views

WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin WP GDPR Cookie Consent versions <= 1.0.0...

CVSS 6.4 | AI score 5.4 | EPSS 0.00188
Exploits 0 | References 1 | Affected Software 1

CVE
added 2026/06/09 11:48 a.m., 36 views

CVE-2017-20251

CVE-2017-20251 affects WordPress Insert PHP plugin versions prior to 3.3.1. The vulnerability is a PHP code injection via the REST API, allowing unauthenticated attackers to execute arbitrary PHP by injecting an insert_php shortcode through POST requests to wp-json/wp/v2/posts, enabling remote PH...

CVSS 9.8 | AI score 6.1 | EPSS 0.00559
Exploits 1 | References 3

Cvelist
added 2026/06/09 11:48 a.m., 31 views

CVE-2017-20251 WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint...

CVSS 9.8 | EPSS 0.00559
Exploits 1 | References 3

Vulnrichment
added 2026/06/09 11:48 a.m., 13 views

CVE-2017-20250 WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...

CVSS 8.7 | AI score 5.6 | EPSS 0.00641
Exploits 0 | References 3

CVE
added 2026/06/09 11:48 a.m., 19 views

CVE-2017-20250

CVE-2017-20250 affects WordPress plugin Mac Photo Gallery 3.0 through a path traversal vulnerability in macdownload.php that allows unauthenticated attackers to download arbitrary files (e.g., wp-load.php) by manipulating the albid parameter. Reported impact includes potential high confidentialit...

CVSS 8.7 | AI score 5.6 | EPSS 0.00641
Exploits 0 | References 3

CVE
added 2026/06/09 11:48 a.m., 18 views

CVE-2017-20248

CVE-2017-20248 affects the WordPress plugin Apptha Slider Gallery 1.0. It describes a path traversal vulnerability in asgallDownload.php that lets unauthenticated attackers download arbitrary files by supplying directory traversal sequences (e.g., ../) via the imgname parameter. CVSS scores in th...

CVSS 8.7 | AI score 5.6 | EPSS 0.00641
Exploits 0 | References 3

Cvelist
added 2026/06/09 11:48 a.m., 27 views

CVE-2017-20249 WordPress Plugin Apptha Slider Gallery 1.0 SQL Injection

Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive...

CVSS 8.8 | EPSS 0.00295
Exploits 0 | References 3

Cvelist
added 2026/06/09 11:48 a.m., 27 views

CVE-2017-20248 WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download

Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the...

CVSS 8.7 | EPSS 0.00641
Exploits 0 | References 3