
83789 matches found

Positive Technologies
• added 2026/06/09 12:0 a.m. • 10 views

PT-2026-47674

The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute and other attributes of the romancart button shortcode in versions up to, and including, 2.0.8. This is due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | AI score 5.7 | EPSS 0.00192
Exploits: 0 | References: 4

Positive Technologies
• added 2026/06/09 12:0 a.m. • 10 views

PT-2026-47768

Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payload...

CVSS 8.8 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 6

Positive Technologies
• added 2026/06/09 12:0 a.m. • 10 views

PT-2026-47629

The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...

CVSS 6.4 | AI score 5.7 | EPSS 0.00155
Exploits: 0 | References: 3

Positive Technologies
• added 2026/06/09 12:0 a.m. • 13 views

PT-2026-47673

Name of the Vulnerable Software and Affected Versions: Extra Settings for RocketChat versions prior to 0.2. Description: The Extra Settings for RocketChat plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the rxstg shortcode function fails to properly sanitize...

CVSS 6.4 | AI score 5.5 | EPSS 0.00181
Exploits: 0 | References: 7

Positive Technologies
• added 2026/06/09 12:0 a.m. • 10 views

PT-2026-47638

Name of the Vulnerable Software and Affected Versions: jQuery Hover Footnotes versions prior to 1.5. Description: The jQuery Hover Footnotes plugin for WordPress contains a Stored Cross-Site Scripting issue involving the Footnote Qualifier '...' Syntax. Due to insufficient input sanitization and...

CVSS 6.4 | AI score 5.5 | EPSS 0.00253
Exploits: 0 | References: 8

Positive Technologies
• added 2026/06/09 12:0 a.m. • 11 views

PT-2026-47676

Name of the Vulnerable Software and Affected Versions: Global Body Mass Index Calculator versions prior to 1.3. Description: The Global Body Mass Index Calculator plugin for WordPress contains a Stored Cross-Site Scripting issue. The GBMI Calc Widget::widget function fails to properly sanitize input...

CVSS 6.4 | AI score 5.6 | EPSS 0.00188
Exploits: 0 | References: 9

Positive Technologies
• added 2026/06/09 12:0 a.m. • 25 views

PT-2026-47684

Name of the Vulnerable Software and Affected Versions: 6Storage Rentals versions prior to 2.22.1. Description: An authorization bypass exists in the 6Storage Rentals plugin for WordPress. Unauthenticated attackers can read and modify arbitrary tenant profile data, including names, email addresses,...

CVSS 7.5 | AI score 5.3 | EPSS 0.00403
Exploits: 0 | References: 15

Positive Technologies
• added 2026/06/09 12:0 a.m. • 12 views

PT-2026-47762

Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' actio...

CVSS 8.8 | AI score 6.1 | EPSS 0.0027
Exploits: 0 | References: 5

Packet Storm
• added 2026/06/09 12:0 a.m. • 66 views

Quick Playground for WordPress 1.3.1 Shell Upload

Proof of concept remote shell upload exploit for Quick Playground for WordPress plugin versions 1.3.1 and below. Title: Quick Playground for WordPress 1.3.1 —...

CVSS 9.8 | AI score 5.5 | EPSS 0.03092
Exploits: 3

CNNVD
• added 2026/06/09 12:0 a.m. • 15 views

WordPress plugin FastPicker Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3 | AI score 5.3 | EPSS 0.00124
Exploits: 0 | References: 2

CNNVD
• added 2026/06/09 12:0 a.m. • 15 views

WordPress plugin jQuery Hover Footnotes Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

CVSS 6.4 | AI score 5.3 | EPSS 0.00253
Exploits: 0 | References: 1

CNNVD
• added 2026/06/09 12:0 a.m. • 10 views

WordPress plugin KittyCatfish SQL Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.8 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 1

CNNVD
• added 2026/06/09 12:0 a.m. • 8 views

WordPress plugin Wow Viral Signups SQL Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 8.8 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 1

CNNVD
• added 2026/06/09 12:0 a.m. • 10 views

WordPress plugin Insert PHP Code Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 9.8 | AI score 6 | EPSS 0.00559
Exploits: 1 | References: 1

CNNVD
• added 2026/06/09 12:0 a.m. • 8 views

WordPress plugin Car Park Booking Plugin 13 October SQL Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 8.8 | AI score 5.8 | EPSS 0.00262
Exploits: 0 | References: 1

Positive Technologies
• added 2026/06/09 12:0 a.m. • 13 views

PT-2026-47675

Name of the Vulnerable Software and Affected Versions: WP ApplicantStack Jobs Display versions prior to 1.1.2. Description: Insufficient input sanitization and output escaping in shortcode attributes allow authenticated attackers with contributor-level access or higher to perform Stored Cross-Site...

CVSS 6.4 | AI score 5.7 | EPSS 0.00181
Exploits: 0 | References: 7

Positive Technologies
• added 2026/06/09 12:0 a.m. • 14 views

PT-2026-47722

Name of the Vulnerable Software and Affected Versions: Slider Revolution versions prior to 7.0.11. Description: The plugin is subject to sensitive information disclosure resulting from three design flaws. First, a valid backend AJAX nonce revslider actions is leaked to all authenticated users,...

CVSS 6.5 | AI score 5.3 | EPSS 0.00252
Exploits: 0 | References: 8

Positive Technologies
• added 2026/06/09 12:0 a.m. • 15 views

PT-2026-47677

Name of the Vulnerable Software and Affected Versions: kk blog card versions prior to 1.4. Description: The kk blog card plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the plugin fails to properly sanitize input and escape output for the href and type attribut...

CVSS 6.4 | AI score 5.6 | EPSS 0.00181
Exploits: 0 | References: 7

Positive Technologies
• added 2026/06/09 12:0 a.m. • 17 views

PT-2026-47685

Name of the Vulnerable Software and Affected Versions: Recover Exit For WooCommerce versions prior to 1.0.4. Description: The plugin is subject to Local File Inclusion due to insufficient validation and sanitization of the tpf POST parameter within the recover exit function. This allows...

CVSS 8.1 | AI score 6.3 | EPSS 0.00551
Exploits: 0 | References: 12

Positive Technologies
• added 2026/06/09 12:0 a.m. • 14 views

PT-2026-47635

Name of the Vulnerable Software and Affected Versions: FV Flowplayer Video Player versions prior to 7.5.49.7213. Description: The FV Flowplayer Video Player plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping of comment text...

CVSS 7.2 | AI score 5.7 | EPSS 0.00241
Exploits: 0 | References: 9