Lucene search
K

264432 matches found

CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

WordPress plugin Affiliate Super Assistent 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.6AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

WordPress plugin NS Product icon badge 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.7AI score0.00211EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

WordPress plugin CDN Linker lite 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin HT Contact Form 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.6AI score0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-44023

Name of the Vulnerable Software and Affected Versions Adminimize versions prior to 1.11.12 Description A missing authorization issue in WP Media Adminimize allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system...

4.3CVSS5.8AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43531

The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on the shortcode's 'width' and 'height' attributes in the athn thumbnai...

6.4CVSS6AI score0.00198EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43477

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...

6.4CVSS6AI score0.00156EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.9 views

PT-2026-43506

Name of the Vulnerable Software and Affected Versions Login with OTP plugin for WordPress versions prior to 1.7 Description An authentication bypass exists due to an incomplete fix in the otpl login action function. The rate-limit and lockout checks are only applied during the OTP generation phas...

9.8CVSS5.8AI score0.00595EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43523

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rem video' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the video...

6.4CVSS6AI score0.00235EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43632

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on...

6.5CVSS5.9AI score0.00281EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

WordPress plugin WebinarIgnition 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

9.8CVSS5.8AI score0.00308EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-43495

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmac campaigns action function. This makes it...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

WordPress plugin Content Slideshow 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-43539

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset stats function in versions up to, and including, 1.3. The function is hooked to both the wp ajax wpp-reset stats and wp ajax nopriv wpp-reset stats actions and...

5.3CVSS5.8AI score0.00268EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43534

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJL certification function. This makes it possible for unauthenticated attackers to update the plugin'...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin Search Simple Fields 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43510

The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rspcheck' shortcode in versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping on the 'url' and 'button' shortcode attributes in the rspc check shortcod...

6.4CVSS6AI score0.00204EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

WordPress plugin SVG Support 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.8AI score0.002EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin WPify Woo Czech 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.9CVSS5.9AI score0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

WordPress plugin PropertyHive 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.6AI score0.00175EPSS
Exploits0References1
Rows per page
Query Builder