Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

263199 matches found

Cvelist
Cvelistadded 5 days ago29 views

CVE-2016-20077 WordPress Plugin Photocart Link 1.6 Local File Inclusion via decode.php

WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoin...

6.9CVSS0.00374EPSS
Exploits0References3
EUVD
EUVDadded 5 days ago4 views

EUVD-2016-10889

WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoin...

6.9CVSS5.4AI score0.00374EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 5 days ago4 views

CVE-2016-20078 WordPress IMDb Profile Widget 1.0.8 Local File Inclusion via pic.php

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...

6.9CVSS5.4AI score0.00688EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 5 days ago4 views

CVE-2016-20077 WordPress Plugin Photocart Link 1.6 Local File Inclusion via decode.php

WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoin...

6.9CVSS5.4AI score0.00374EPSS
Exploits0References3
Cvelist
Cvelistadded 5 days ago27 views

CVE-2016-20078 WordPress IMDb Profile Widget 1.0.8 Local File Inclusion via pic.php

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...

6.9CVSS0.00688EPSS
Exploits0References3
EUVD
EUVDadded 5 days ago6 views

EUVD-2016-10890

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...

6.9CVSS5.4AI score0.00688EPSS
Exploits0References3
CVE
CVEadded 5 days ago5 views

CVE-2016-20076

WordPress Simple-Backup 2.7.11 is affected by multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files via the delete_backup_file and download_backup_file parameters in tools.php. The issue arises from insufficient input validation and d...

8.7CVSS5.5AI score0.00601EPSS
Exploits0References2
Cvelist
Cvelistadded 5 days ago26 views

CVE-2016-20076 WordPress Simple-Backup 2.7.11 Arbitrary File Deletion and Download

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...

8.7CVSS0.00601EPSS
Exploits0References2
EUVD
EUVDadded 5 days ago7 views

EUVD-2016-10888

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...

8.7CVSS5.5AI score0.00601EPSS
Exploits0References2
CVE
CVEadded 5 days ago6 views

CVE-2016-20074

CVE-2016-20074 affects WordPress the Lazy Content Slider Plugin version 3.4. The issue is a CSRF that lets an attacker trick authenticated admins into submitting POST requests to lzcs_admin.php to alter plugin settings such as lzcs_color and lzcs_count. The vulnerability arises from insufficient ...

5.3CVSS5.2AI score0.00106EPSS
Exploits0References2
CVE
CVEadded 5 days ago5 views

CVE-2016-20075

CVE-2016-20075 affects WordPress Ultimate Product Catalog 3.8.6. The vulnerability is an arbitrary file upload via the custom fields feature, exploitable by authenticated users with contributor, editor, author, or administrator roles. By uploading malicious files (e.g., PHP shells) through the Pr...

8.8CVSS6AI score0.00327EPSS
Exploits0References3
Cvelist
Cvelistadded 5 days ago27 views

CVE-2016-20075 WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

8.8CVSS0.00327EPSS
Exploits0References3
EUVD
EUVDadded 5 days ago5 views

EUVD-2016-10887

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

8.8CVSS6AI score0.00327EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 5 days ago4 views

CVE-2016-20074 WordPress Lazy Content Slider Plugin 3.4 CSRF

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

5.3CVSS5.1AI score0.00106EPSS
Exploits0References2
Cvelist
Cvelistadded 5 days ago27 views

CVE-2016-20074 WordPress Lazy Content Slider Plugin 3.4 CSRF

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

5.3CVSS0.00106EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 5 days ago4 views

CVE-2016-20075 WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

8.8CVSS6AI score0.00327EPSS
Exploits0References3
EUVD
EUVDadded 5 days ago4 views

EUVD-2016-10886

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

5.3CVSS5.1AI score0.00106EPSS
Exploits0References2
CVE
CVEadded 5 days ago6 views

CVE-2016-20073

The Answer My Question 1.3 WordPress plugin contains an unauthenticated SQL injection in modal.php via the id POST parameter, enabling attackers to execute arbitrary SQL and extract sensitive database information (e.g., WordPress terms and configuration data). CVSS metrics are provided: CVSS v3.1...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
Cvelist
Cvelistadded 5 days ago26 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS0.0027EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 5 days ago4 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
Rows per page
Query Builder