Lucene search
K

264430 matches found

Patchstack
Patchstack
added 2026/05/27 9:13 a.m.8 views

WordPress WPBakery Page Builder Addons by Livemesh plugin <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/27 9:13 a.m.9 views

WordPress Livemesh Addons for Beaver Builder plugin <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for Beaver Builder versions = 3.9.2...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/27 9:12 a.m.9 views

WordPress Enable jQuery Migrate Helper plugin <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade vulnerability

Missing Authorization to Authenticated Subscriber+ jQuery Version Downgrade vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Enable jQuery Migrate Helper versions = 1.4.1...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/27 9:12 a.m.12 views

WordPress WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager plugin <= 2.3.5 - Authenticated (Author+) Remote Code Execution vulnerability

Authenticated Author+ Remote Code Execution vulnerability discovered by Win3 in WordPress Plugin WPCode versions = 2.3.5...

8.8CVSS5.8AI score0.01214EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/05/27 9:10 a.m.8 views

WordPress Firebase Support & Chat Management plugin <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Farrukh Ziyaev in WordPress Plugin Firebase Support & Chat Management versions = 3.1.1...

8.8CVSS5.8AI score0.00283EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/27 9:9 a.m.13 views

WordPress Login with NEAR plugin <= 0.3.3 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by g0wthr in WordPress Plugin Login with NEAR versions = 0.3.3...

8.1CVSS5.8AI score0.0039EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/27 9:5 a.m.13 views

WordPress Boost plugin <= 2.0.3 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Boost versions = 2.0.3...

9.8CVSS5.8AI score0.00573EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/27 8:48 a.m.29 views

CVE-2026-48968 WordPress Master Slider plugin <= 3.10.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8...

6.5CVSS0.00182EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:48 a.m.9 views

CVE-2026-48968 WordPress Master Slider plugin <= 3.10.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8...

6.5CVSS5.8AI score0.00182EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 8:48 a.m.18 views

CVE-2026-48968

The CVE-2026-48968 entry describes a DOM-based XSS vulnerability in the WordPress plugin Master Slider, affecting versions up to 3.10.8. The issue is caused by improper neutralization of input during web page generation. Impact is described as cross-site scripting with low to moderate implication...

6.5CVSS5.8AI score0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 8:47 a.m.27 views

CVE-2026-48877 WordPress GenerateBlocks plugin <= 2.1.0 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...

6.5CVSS0.00298EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:47 a.m.8 views

CVE-2026-48877 WordPress GenerateBlocks plugin <= 2.1.0 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 8:47 a.m.18 views

CVE-2026-48877

CVE-2026-48877 affects WordPress GenerateBlocks plugin

6.5CVSS5.8AI score0.00298EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/27 8:47 a.m.12 views

WordPress Master Slider plugin <= 3.10.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Master Slider versions = 3.10.8...

6.5CVSS5.8AI score0.00182EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/27 8:46 a.m.7 views

WordPress GenerateBlocks plugin <= 2.1.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Abu Hurayra in WordPress Plugin GenerateBlocks versions = 2.1.0...

6.5CVSS5.8AI score0.00298EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 8:40 a.m.8 views

CVE-2025-52747 WordPress Themebox - Digital Products Ecommerce theme <= 1.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS. This issue affects Themebox - Digital Products Ecommerce: from n/a through 1.4.2...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 8:40 a.m.13 views

CVE-2025-52747

CVE-2025-52747 affects Themebox - Digital Products Ecommerce (WordPress Themebox) up to version 1.4.2. The vulnerability is due to improper neutralization of input during web page generation causing Reflected XSS . CVSSv3.1 base score 7.1 (HIGH). No exploit details or remediation are provided in ...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 8:40 a.m.30 views

CVE-2025-52747 WordPress Themebox - Digital Products Ecommerce theme <= 1.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS. This issue affects Themebox - Digital Products Ecommerce: from n/a through 1.4.2...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 8:35 a.m.17 views

CVE-2025-22741

CVE-2025-22741 concerns a Reflected Cross-Site Scripting in RiceTheme Felan Framework and the WordPress Felan Framework plugin (

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:35 a.m.6 views

CVE-2025-22741 WordPress Felan Framework plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a through 1.1.3...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Rows per page
Query Builder