263188 matches found

Vulnrichment, added 4 days ago, 3 views

CVE-2016-20071 WordPress 404 Redirection Manager Plugin 1.0 SQL Injection

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

CVSS 8.8 | AI score 6.1 | EPSS 0.00302
Exploits: 0 | References: 3

EUVD, added 4 days ago, 4 views

EUVD-2016-10882

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with...

CVSS 6.4 | AI score 5.2 | EPSS 0.00231
Exploits: 0 | References: 3

EUVD, added 4 days ago, 4 views

EUVD-2016-10881

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

CVSS 8.8 | AI score 6.1 | EPSS 0.0024
Exploits: 0 | References: 3

CVE, added 4 days ago, 5 views

CVE-2016-20069

CVE-2016-20069 affects WordPress plugin WordPress Booking Calendar Contact Form 1.0.23. It contains an unauthenticated blind SQL injection in the shortcode function where the calendar parameter is not sanitized before being used in database queries. This allows an attacker to inject SQL commands ...

CVSS 8.8 | AI score 6.2 | EPSS 0.0024
Exploits: 0 | References: 3

Vulnrichment, added 4 days ago, 3 views

CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

CVSS 8.8 | AI score 6.1 | EPSS 0.0024
Exploits: 0 | References: 3

Cvelist, added 4 days ago, 31 views

CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

CVSS 8.8 | EPSS 0.0024
Exploits: 0 | References: 3

CVE, added 4 days ago, 7 views

CVE-2016-20067

CVE-2016-20067: WordPress CP Polls 1.0.8 contains a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized poll operations on behalf of an authenticated administrator. An attacker can craft a malicious HTML page; when an admin visits it while logged in, t...

CVSS 5.3 | AI score 5.3 | EPSS 0.00116
Exploits: 0 | References: 2

EUVD, added 4 days ago, 6 views

EUVD-2016-10880

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

CVSS 5.3 | AI score 5.2 | EPSS 0.00116
Exploits: 0 | References: 2

Vulnrichment, added 4 days ago, 4 views

CVE-2016-20067 WordPress CP Polls 1.0.8 Cross-Site Request Forgery

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

CVSS 5.3 | AI score 5.2 | EPSS 0.00116
Exploits: 0 | References: 2

Cvelist, added 4 days ago, 26 views

CVE-2016-20067 WordPress CP Polls 1.0.8 Cross-Site Request Forgery

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

CVSS 5.3 | EPSS 0.00116
Exploits: 0 | References: 2

CVE, added 4 days ago, 5 views

CVE-2016-20066

WordPress CP Polls 1.0.8 is affected by a persistent cross-site scripting (XSS) vulnerability via unsanitized file upload functionality. Attackers can upload files containing script payloads (e.g., onerror handlers) to execute arbitrary JavaScript in the browsers of users viewing the affected con...

CVSS 7.2 | AI score 5.4 | EPSS 0.00192
Exploits: 0 | References: 2

Cvelist, added 4 days ago, 28 views

CVE-2016-20066 WordPress CP Polls 1.0.8 Persistent Cross-Site Scripting

WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary...

CVSS 7.2 | EPSS 0.00192
Exploits: 0 | References: 2

Vulnrichment, added 4 days ago, 4 views

CVE-2016-20066 WordPress CP Polls 1.0.8 Persistent Cross-Site Scripting

WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary...

CVSS 7.2 | AI score 5.3 | EPSS 0.00192
Exploits: 0 | References: 2

EUVD, added 4 days ago, 4 views

EUVD-2016-10879

WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary...

CVSS 7.2 | AI score 5.3 | EPSS 0.00192
Exploits: 0 | References: 2

The Hacker News, added 4 days ago, 10 views

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker'...

CVSS 8.1 | AI score 6.2 | EPSS 0.01252
Exploits: 3

Patchstack, added 4 days ago, 8 views

WordPress Online Scheduling and Appointment Booking System – Bookly plugin <= 27.2 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Bookly versions <= 27.2...

CVSS 7.2 | AI score 5.2 | EPSS 0.00257
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 4 days ago, 7 views

WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.31 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites versions <= 2.31...

CVSS 7.2 | AI score 5.2 | EPSS 0.0033
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 4 days ago, 7 views

WordPress Customer Support Ticket System & Helpdesk plugin <= 6.0.4 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by she11f in WordPress Plugin WP Ticket Customer Service Software & Support Ticket System versions <= 6.0.4...

CVSS 7.5 | AI score 5.7 | EPSS 0.00336
Exploits: 0 | References: 1 | Affected Software: 1

NVD, added 4 days ago, 8 views

CVE-2026-8386

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

CVSS 5.3 | EPSS 0.00206
Exploits: 0 | References: 1

NVD, added 4 days ago, 10 views

CVE-2026-8935

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

CVSS 9.8 | EPSS 0.00268
Exploits: 0 | References: 1