Lucene search
K

264435 matches found

Cvelist
Cvelist
added 2026/05/26 7:31 p.m.32 views

CVE-2026-24520 WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24...

4.3CVSS0.00155EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/26 7:31 p.m.10 views

WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Taxi Booking Manager for WooCommerce versions = 2.0.1...

5.3CVSS5.8AI score0.00191EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/05/26 7:30 p.m.15 views

CVE-2026-25444

CVE-2026-25444 concerns the WordPress plugin WordPress WpBookingly (Magepeople Inc.), affected versions:

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 7:30 p.m.12 views

CVE-2026-25444 WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 7:30 p.m.26 views

CVE-2026-25444 WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

4.3CVSS0.00155EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/26 7:30 p.m.8 views

WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Tiktok Feed versions = 1.0.24...

4.3CVSS5.8AI score0.00155EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/26 7:29 p.m.32 views

CVE-2026-27331 WordPress WpTravelly plugin <= 2.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5...

6.3CVSS0.00157EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 7:29 p.m.8 views

CVE-2026-27331 WordPress WpTravelly plugin <= 2.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5...

6.3CVSS5.8AI score0.00157EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:29 p.m.9 views

CVE-2026-27331

Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5...

6.3CVSS5.8AI score0.00157EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 7:29 p.m.13 views

CVE-2026-27331

Summary: CVE-2026-27331 affects the WordPress plugin WpTravelly (

6.3CVSS5.8AI score0.00157EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/26 7:29 p.m.8 views

WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by johska in WordPress Plugin WpBookingly versions = 1.2.9...

4.3CVSS5.8AI score0.00155EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/26 7:27 p.m.8 views

WordPress WpTravelly plugin <= 2.1.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by johska in WordPress Plugin WpTravelly versions = 2.1.5...

6.3CVSS5.8AI score0.00157EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/26 7:7 p.m.7 views

WordPress WP Promoter plugin <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP Promoter versions = 1.3...

6.1CVSS5.8AI score0.00119EPSS
Exploits0References1Affected Software1
Metasploit
Metasploit
added 2026/05/26 7:1 p.m.232 views

Supsystic Contact Form Wordpress Plugin SSTI RCE

This module performs SSTI achieving RCE in webpages containing the Contact Form Wordpress plugin by Supsystic in versions 1.7.36 and before. Module Options msf use exploit/multi/http/wppluginsupsysticcontactformrce msf exploitwppluginsupsysticcontactformrce show targets ...targets... msf...

9.8CVSS5.2AI score0.41475EPSS
Exploits7
Patchstack
Patchstack
added 2026/05/26 6:57 p.m.8 views

WordPress MetaMagic SEO Plugin plugin <= 1.6 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin MetaMagic SEO Plugin versions = 1.6...

4.3CVSS5.8AI score0.00124EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/26 6:56 p.m.8 views

WordPress Github Shortcode plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Github Shortcode versions = 0.1...

6.4CVSS5.8AI score0.00191EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/26 5:34 p.m.8 views

WordPress WPBakery Page Builder Addons by Livemesh plugin <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/26 5:33 p.m.8 views

WordPress EnvíaloSimple: Email Marketing y Newsletters plugin <= 2.4.5 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Maurice Fielenbach Hexastrike - Hexastrike Cybersecurity UG haftungsbeschränkt in WordPress Plugin EnvíaloSimple versions = 2.4.5...

4.9CVSS5.9AI score0.00294EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/26 5:27 p.m.10 views

WordPress Shortcode Buddy plugin <= 0.1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Shortcode Buddy versions = 0.1.9.5...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/26 5:27 p.m.9 views

WordPress iWR Tooltip plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin iWR Tooltip versions = 1.0...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder