Lucene search
K

264402 matches found

Cvelist
Cvelist
added 2026/05/27 9:49 a.m.30 views

CVE-2026-42751 WordPress Booking Manager plugin <= 2.1.18 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through = 2.1.18...

6.5CVSS0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.17 views

CVE-2026-42751

The CVE-2026-42751 entry concerns the WordPress Booking Manager plugin by wpdevelop, affected in versions up to 2.1.18. The vulnerability is due to improper neutralization of input during web page generation, enabling a Stored XSS vulnerability in the Booking Manager component. The available conn...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.8 views

CVE-2026-42748 WordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...

9.9CVSS5.8AI score0.00266EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.23 views

CVE-2026-42744

The CVE-2026-42744 entry concerns the WordPress Ads by WPQuads plugin (quick-adsense-reloaded) version

6.5CVSS5.8AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.33 views

CVE-2026-42740 WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through = 1.0.3...

9.3CVSS0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.31 views

CVE-2026-42756

CVE-2026-42756 affects the WordPress QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly plugin up to version 3.2.7. It is an improper pathname limitation (path traversal) vulnerability in QuickWebP that can lead to arbitrary file deletion. Exploitation details are not provided i...

9.9CVSS5.8AI score0.00336EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.16 views

CVE-2026-42737

CVE-2026-42737 affects the WordPress VikBooking Hotel Booking Engine & PMS plugin (≤1.8.9). The issue is an improper limitation of a pathname to a restricted directory (path traversal), enabling potential arbitrary file deletion. The CVSS 3.1 base score is 8.6 (HIGH) with Network attack, no user ...

8.6CVSS5.8AI score0.00345EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.29 views

CVE-2026-42736 WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...

7.5CVSS0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.30 views

CVE-2026-42728 WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form 7: from n/a through = 2.8.2...

7.1CVSS0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.15 views

CVE-2026-42733

Summary: CVE-2026-42733 affects the WordPress RealMag777 WPCS currency-switcher plugin (WPCS) versions up to and including 1.3.1. The issue is a DOM-based XSS caused by improper input neutralization during web page generation . Reported CVSS v3.1 metrics indicate a base score of 7.1 (HIGH) with n...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.19 views

CVE-2026-42738

The CVE-2026-42738 entry concerns the WordPress Clover-based plugin Smart Online Order for Clover (clover-online-orders), affected versions up to and including 1.6.0. A stored XSS flaw arises from improper neutralization of input during web page generation, enabling malicious input to be stored a...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.34 views

CVE-2026-42737 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

8.6CVSS0.00345EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.15 views

CVE-2026-42736

BP Better Messages WordPress plugin ≤ 2.14.16 is affected by an Insecure Direct Object Reference (IDOR) vulnerability that enables an authorization bypass via a user-controlled key due to misconfigured access controls. Affected component: BP Better Messages plugin for WordPress; root cause: impro...

7.5CVSS5.8AI score0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.11 views

CVE-2026-42738 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.7 views

CVE-2026-42735 WordPress KiviCare plugin <= 4.3.0 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through = 4.3.0...

8.2CVSS5.8AI score0.00255EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.9 views

CVE-2026-42733 WordPress WPCS plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.9 views

CVE-2026-42725 WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Files Upload for WooCommerce: from n/a through =...

6.5CVSS5.8AI score0.00273EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.7 views

CVE-2026-42728 WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form 7: from n/a through = 2.8.2...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.31 views

CVE-2026-42730 WordPress MasterStudy LMS plugin <= 3.7.29 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.7.29...

8.5CVSS0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.30 views

CVE-2026-42738 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.1CVSS0.00146EPSS
Exploits0References1
Rows per page
Query Builder