Lucene search
K

83800 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.10 views

CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

7.2CVSS6.3AI score0.00659EPSS
Exploits1References11
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.7 views

CVE-2026-7795

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS5.8AI score0.00288EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/06 2:28 a.m.38 views

CVE-2026-7537 MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

7.2CVSS0.00659EPSS
Exploits1References10
Cvelist
Cvelist
added 2026/06/06 2:28 a.m.44 views

CVE-2026-7795 Click to Chat <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'num' Shortcode Parameter

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS0.00288EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/06 2:28 a.m.14 views

EUVD-2026-34948

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

7.2CVSS6.3AI score0.00659EPSS
Exploits1References10
EUVD
EUVD
added 2026/06/06 2:28 a.m.14 views

EUVD-2026-34949

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS5.8AI score0.00288EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.7 views

CVE-2026-7566

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.0045EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.8 views

CVE-2026-9280

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00225EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/06/06 2:28 a.m.10 views

CVE-2026-9280 Ad Inserter <= 2.8.15 - Reflected Cross-Site Scripting via URL Parameters in iframe Mode

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00225EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/06 2:28 a.m.7 views

CVE-2026-7565 LearnPress <= 4.1.4 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'import-user-file' Parameter

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including, 4.1.4 via the 'import-user-file' parameter parameter. This makes it possible for authenticated attackers, with administrator-level acces...

4.9CVSS5.6AI score0.00646EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/06 2:28 a.m.41 views

CVE-2026-9280 Ad Inserter <= 2.8.15 - Reflected Cross-Site Scripting via URL Parameters in iframe Mode

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS0.00225EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/06 2:28 a.m.12 views

EUVD-2026-34947

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.0045EPSS
Exploits0References8
CVE
CVE
added 2026/06/06 2:28 a.m.21 views

CVE-2026-9280

CVE-2026-9280 affects the Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress. The issue is a Reflected Cross‑Site Scripting (XSS) vulnerability in URL parameters when iframe mode is enabled (AI_OPTION_IFRAME) on at least one ad block. It impacts all versions up to and including 2.8.15, s...

6.1CVSS5.7AI score0.00225EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/06 2:28 a.m.40 views

CVE-2026-7566 LearnPress – Backup & Migration Tool <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection via WXR XML File Upload

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS0.0045EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/06 2:28 a.m.12 views

EUVD-2026-34943

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dragndroptext' and 'dragndropbrowsetext' Settings in all versions up to, and including, 1.3.9.7 due to insufficient input sanitization and output escaping. This makes i...

4.4CVSS5.7AI score0.00214EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/06 2:28 a.m.34 views

CVE-2026-9197 Smart Slider 3 <= 3.5.1.36 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'src'/'srcset' Attribute in HTML Export

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...

4.9CVSS0.00558EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/06 2:28 a.m.7 views

CVE-2026-9197 Smart Slider 3 <= 3.5.1.36 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'src'/'srcset' Attribute in HTML Export

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...

4.9CVSS5.6AI score0.00558EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 2:28 a.m.12 views

EUVD-2026-34944

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...

4.9CVSS5.6AI score0.00558EPSS
Exploits0References5
CVE
CVE
added 2026/06/06 2:28 a.m.27 views

CVE-2026-8991

The CVE concerns the WordPress plugin “Drag and Drop Multiple File Upload for Contact Form 7” (WordPress) up to version 1.3.9.7. It is affected in the Drag and Drop settings drag_n_drop_text and drag_n_drop_browse_text, where insufficient input sanitization and output escaping enables Stored Cros...

4.4CVSS5.7AI score0.00214EPSS
Exploits0References8
CVE
CVE
added 2026/06/06 2:28 a.m.28 views

CVE-2026-9197

CVE-2026-9197 affects the Smart Slider 3 WordPress plugin. All versions up to 3.5.1.36 are vulnerable due to a directory traversal flaw in the replaceHTMLImage function used during HTML export, which can allow an authenticated administrator+ to read arbitrary files on the server. The provided doc...

4.9CVSS5.6AI score0.00558EPSS
Exploits0References5
Rows per page
Query Builder