Lucene search
K

264410 matches found

Patchstack
Patchstack
added 2026/05/27 2:2 a.m.7 views

WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin BP Better Messages versions = 2.14.16...

7.5CVSS5.8AI score0.00246EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/27 1:26 a.m.33 views

CVE-2026-6565 Style Kits – Advanced Theme Styles for Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Kit Title

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...

6.4CVSS0.00156EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:26 a.m.11 views

CVE-2026-6565

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...

6.4CVSS6AI score0.00156EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 1:26 a.m.20 views

EUVD-2026-32037

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...

6.4CVSS6AI score0.00156EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:26 a.m.6 views

CVE-2026-7493

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS5.7AI score0.0035EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 1:26 a.m.34 views

CVE-2026-7493 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.11.5 - Unauthenticated Denial of Service

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS0.0035EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 1:26 a.m.10 views

CVE-2026-7493 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.11.5 - Unauthenticated Denial of Service

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS5.7AI score0.0035EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 1:26 a.m.9 views

EUVD-2026-32036

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS5.7AI score0.0035EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 1:26 a.m.23 views

CVE-2026-7493

The CVE concerns the WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin . Affected versions are all up to and including 1.6.11.5 . The root cause is a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP’s sleep() with a user-supplied...

5.3CVSS5.7AI score0.0035EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

WordPress plugin Master Slider 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00182EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

WordPress plugin BitForm 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.7AI score0.00193EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

WordPress plugin Backup and Staging by WP Time Capsule 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.00291EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

WordPress plugin LiteSpeed Cache 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.8AI score0.00359EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

WordPress plugin GNTT Post Title Ticker 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

WordPress plugin Favicon 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.1CVSS5.7AI score0.00203EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

WordPress plugin Enable jQuery Migrate Helper 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

WordPress plugin WP Promoter 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.7AI score0.00119EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43521

The Content Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...

6.4CVSS6AI score0.00187EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43478

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS5.7AI score0.0035EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43536

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdl off options function. This makes it possible for unauthenticated attackers to update the plugin's setting...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References5
Rows per page
Query Builder