
7 matches found

Cvelist
added 2 days ago · 26 views

CVE-2016-20076 WordPress Simple-Backup 2.7.11 Arbitrary File Deletion and Download

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...

8.7 CVSS · 0.00601 EPSS
Exploits 0 · References 2
Wordfence Blog
added 2026/05/20 10:4 p.m. · 6 views

How a Webmail Log File Became a Root-Level Backdoor

THREAT ANALYSIS May 2026 · Forensic Case Study A forensic breakdown of how an attacker turned CyberPanel's SnappyMail logging into a persistent webshell that survived every WordPress cleanup attempt. A WordPress site owner reported redirect malware on their site. They found that clicking anywhere...

6.2 AI score
Exploits 0
Positive Technologies
added 2026/05/17 12:0 a.m. · 6 views

PT-2026-41552

Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file name parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to del ...

8.7 CVSS · 5.9 AI score · 0.00641 EPSS
Exploits 0 · References 4
CVE
added 2026/05/15 7:46 a.m. · 9 views

CVE-2026-6403

The Quick Playground plugin for WordPress (up to version 1.3.3) is vulnerable to a Path Traversal flaw. The root cause is insufficient validation in the qckply_zip_theme() function, which directly appends a user-controlled 'stylesheet' parameter to the theme root directory path without sanitizing...

7.5 CVSS · 5.9 AI score · 0.00811 EPSS
Exploits 0 · References 11
NVD
added 2026/03/07 2:16 a.m. · 3 views

CVE-2026-3352

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

7.2 CVSS · 0.00374 EPSS
Exploits 0 · References 4
VulnCheck KEV
added 2023/12/24 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2021-24227

The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials...

7.5 CVSS · 7.1 AI score · 0.05879 EPSS
Exploits 1 · References 1
CVE
added 2021/06/21 7:18 p.m. · 77 views

CVE-2021-24367

CVE-2021-24367 affects the WordPress plugin WP Config File Editor up to version 1.7.1, which contains an Authenticated Stored Cross-Site Scripting (XSS) flaw. The vulnerability arises within the plugin’s admin-facing functionality; exploitation requires authentication (typically an admin). A PoC ...

5.4 CVSS · 5.3 AI score · 0.0062 EPSS
Exploits 2 · References 1 · Affected Software 1