Lucene search
K

264252 matches found

CVE
CVE
added 2026/05/27 9:49 a.m.21 views

CVE-2026-42757

The CVE-2026-42757 issue affects the WordPress WebinarIgnition plugin (vulnerable:

9.9CVSS5.8AI score0.00346EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.18 views

CVE-2026-42754

The CVE-2026-42754 entry describes a Reflected XSS vulnerability in the WordPress plugin favicon-by-realfavicongenerator (Favicon), affecting versions up to and including 1.3.46. The underlying issue is improper neutralization of input during web page generation. Impact is Cross-Site Scripting, w...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.15 views

CVE-2026-42755

CVE-2026-42755 affects the WordPress RealMag777 TableOn plugin, specifically the posts-table-filterable component, with versions up to and including 1.0.5.1. The issue is an improper neutralization of special elements used in SQL commands, resulting in a Blind SQL Injection vulnerability. The CVS...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.18 views

CVE-2026-42748

CVE-2026-42748 affects the WordPress plugin WPify Woo Czech (WPify WPify Woo Czech)

9.9CVSS5.8AI score0.00266EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.22 views

CVE-2026-42758

CVE-2026-42758 is a privilege-escalation vulnerability in the WordPress WebinarIgnition plugin (Saleswonder Team: Tobias WebinarIgnition). The issue is described as Incorrect Privilege Assignment and affects WebinarIgnition versions before 4.08.253. The vulnerability is categorized with a high/cr...

9.8CVSS5.8AI score0.00308EPSS
Exploits1References1
CVE
CVE
added 2026/05/27 9:49 a.m.20 views

CVE-2026-42747

CVE-2026-42747 describes a Blind SQL Injection in the WordPress plugin Easy Form Builder (hassantafreshi) up to version 4.0.6. The issue is due to improper neutralization of special elements in SQL commands, enabling an attacker to exploit it without user interaction. Impact is stated as high con...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.30 views

CVE-2026-42751 WordPress Booking Manager plugin <= 2.1.18 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through = 2.1.18...

6.5CVSS0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.17 views

CVE-2026-42751

The CVE-2026-42751 entry concerns the WordPress Booking Manager plugin by wpdevelop, affected in versions up to 2.1.18. The vulnerability is due to improper neutralization of input during web page generation, enabling a Stored XSS vulnerability in the Booking Manager component. The available conn...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.8 views

CVE-2026-42748 WordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...

9.9CVSS5.8AI score0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.7 views

CVE-2026-42740 WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through = 1.0.3...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.11 views

CVE-2026-42754 WordPress Favicon plugin <= 1.3.46 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon: from n/a through = 1.3.46...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.7 views

CVE-2026-42749 WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...

7.1CVSS5.8AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.9 views

CVE-2026-42759 WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.23 views

CVE-2026-42744

The CVE-2026-42744 entry concerns the WordPress Ads by WPQuads plugin (quick-adsense-reloaded) version

6.5CVSS5.8AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.33 views

CVE-2026-42740 WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through = 1.0.3...

9.3CVSS0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.16 views

CVE-2026-42737

CVE-2026-42737 affects the WordPress VikBooking Hotel Booking Engine & PMS plugin (≤1.8.9). The issue is an improper limitation of a pathname to a restricted directory (path traversal), enabling potential arbitrary file deletion. The CVSS 3.1 base score is 8.6 (HIGH) with Network attack, no user ...

8.6CVSS5.8AI score0.00345EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.29 views

CVE-2026-42736 WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...

7.5CVSS0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.30 views

CVE-2026-42728 WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form 7: from n/a through = 2.8.2...

7.1CVSS0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.15 views

CVE-2026-42733

Summary: CVE-2026-42733 affects the WordPress RealMag777 WPCS currency-switcher plugin (WPCS) versions up to and including 1.3.1. The issue is a DOM-based XSS caused by improper input neutralization during web page generation . Reported CVSS v3.1 metrics indicate a base score of 7.1 (HIGH) with n...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.19 views

CVE-2026-42738

The CVE-2026-42738 entry concerns the WordPress Clover-based plugin Smart Online Order for Clover (clover-online-orders), affected versions up to and including 1.6.0. A stored XSS flaw arises from improper neutralization of input during web page generation, enabling malicious input to be stored a...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Rows per page
Query Builder