Lucene search
K

264433 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43478

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS5.7AI score0.0035EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

WordPress plugin Active Products Tables for WooCommerce SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.3CVSS5.9AI score0.00229EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/26 11:13 p.m.9 views

WordPress KiviCare plugin <= 4.3.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by kai63001 in WordPress Plugin KiviCare versions = 4.3.0...

8.2CVSS5.8AI score0.00255EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/26 8:58 p.m.34 views

CVE-2025-14361 WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Settings Change vulnerability

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

7.1CVSS0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 8:58 p.m.8 views

CVE-2025-14361 WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Settings Change vulnerability

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 8:58 p.m.19 views

CVE-2025-14361

CVE-2025-14361 affects the WordPress plugin AA-Team Woocommerce Envato Affiliates (

7.1CVSS5.8AI score0.00248EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/26 8:55 p.m.8 views

WordPress Xpro Elementor Addons - Pro plugin <= 1.4.7 - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read vulnerability

WordPress Xpro Elementor Addons - Pro plugin = 1.4.7 - Pro = 1.4.7 - Authenticated Contributor+ Arbitrary File Read vulnerability discovered by stealthcopter in WordPress Plugin Xpro Elementor Addons - Pro versions = 1.4.7...

6.5CVSS5.8AI score0.00281EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/26 8:48 p.m.7 views

WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...

4.4CVSS5.8AI score0.00237EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/26 8:46 p.m.8 views

WordPress myLinksDump plugin <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin myLinksDump versions = 1.6...

4.8CVSS5.8AI score0.0023EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/26 8:44 p.m.6 views

WordPress rexCrawler plugin <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin rexCrawler versions = 1.0.15...

4.8CVSS5.8AI score0.0023EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.9 views

CVE-2026-6895

The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'exportsettings' function. This function returns the RES...

8.8CVSS5.8AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.9 views

CVE-2026-6419

The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajaxgetscreen function. This makes it possible for authenticated attackers, with...

8.8CVSS5.9AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.13 views

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 7:32 p.m.35 views

CVE-2026-25426 WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 2.0.1...

5.3CVSS0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 7:32 p.m.9 views

CVE-2026-25426 WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 2.0.1...

5.3CVSS5.8AI score0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 7:32 p.m.14 views

CVE-2026-25426

The CVE-2026-25426 entry concerns the WordPress plugin Taxi Booking Manager for WooCommerce (Magepeople) with versions up to 2.0.1 . The vulnerability is described as a Missing Authorization / Broken Access Control flaw caused by incorrectly configured access control security levels , enabling un...

5.3CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 7:31 p.m.9 views

CVE-2026-24520 WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 7:31 p.m.18 views

CVE-2026-24520

CVE-2026-24520 concerns the WordPress Tiktok Feed plugin with a Missing Authorization vulnerability leading to Broken Access Control. Affected: Tiktok Feed versions up to and including 1.0.24. Root cause: incorrectly configured access control, enabling exploitation of access levels. CVSS 3.1 base...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 7:31 p.m.32 views

CVE-2026-24520 WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24...

4.3CVSS0.00155EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/26 7:31 p.m.10 views

WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Taxi Booking Manager for WooCommerce versions = 2.0.1...

5.3CVSS5.8AI score0.00191EPSS
Exploits0Affected Software1
Rows per page
Query Builder