Lucene search
K
VulnrichmentRecent

162168 matches found

Vulnrichment
Vulnrichment
added 2026/06/17 1:40 p.m.7 views

CVE-2026-54815 WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

9.3CVSS5.6AI score0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 1:37 p.m.7 views

CVE-2026-54816 WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21...

7.5CVSS5.4AI score0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 1:36 p.m.7 views

CVE-2026-54817 WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

6.5CVSS5.2AI score0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 1:35 p.m.7 views

CVE-2026-54818 WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...

8.5CVSS5.6AI score0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 1:25 p.m.7 views

CVE-2026-54417 Integer Overflow in rxi/microtar mtar_next() Causes Infinite Loop DoS

An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...

8.7CVSS5.5AI score0.00417EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 1:16 p.m.7 views

CVE-2026-54819 WordPress Listdom plugin <= 5.4.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0...

9.3CVSS5.6AI score0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 1:15 p.m.7 views

CVE-2025-60230 WordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

9.8CVSS5.3AI score0.00426EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 1:14 p.m.8 views

CVE-2026-10641 Out-of-bounds write in Bluetooth HFP Hands-Free CIND indicator parsing (cind_handle_values)

Zephyr's Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser subsys/bluetooth/host/classic/hfphf.c contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cindhandle, which assigns a per-entry counter index a...

7.1CVSS5.5AI score0.00282EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/17 1:12 p.m.8 views

CVE-2025-60229 WordPress Lagom theme <= 2.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0...

9.8CVSS5.2AI score0.00426EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 1:7 p.m.9 views

CVE-2026-49268 Apache Shiro: LDAP DN Injection in DefaultLdapRealm

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

8.8CVSS5.3AI score0.00494EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.5 views

CVE-2026-52716 WordPress WorkScout-Core plugin <= 1.7.11 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...

6.5CVSS5.2AI score0.00351EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.5 views

CVE-2026-52707 WordPress Kastell theme <= 2.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Kastell = 2.0 versions...

8.1CVSS5.2AI score0.00428EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2026-49108 WordPress Moderno theme < 1.43 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Moderno 1.43 versions...

9.8CVSS5.4AI score0.00304EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2026-40757 WordPress Château theme <= 1.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Château = 1.2.1 versions...

8.1CVSS5.4AI score0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.9 views

CVE-2026-40756 WordPress Zoya theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Zoya = 1.4 versions...

8.1CVSS5.3AI score0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2026-40752 WordPress Manufaktur Solutions theme <= 1.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...

8.1CVSS5.4AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.8 views

CVE-2026-40738 WordPress Eldon theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...

8.1CVSS5.4AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.6 views

CVE-2026-40720 WordPress Royal Elementor Addons Pro plugin < 1.7.1041 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...

7.1CVSS5.2AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2026-40733 WordPress ShiftUp theme <= 1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.12 views

CVE-2026-39590 WordPress Atomlab theme <= 2.4.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Atomlab = 2.4.5 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2026-39576 WordPress SingleMalt theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...

8.1CVSS5.4AI score0.00395EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2026-39560 WordPress Hiroshi theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...

8.1CVSS5.4AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.8 views

CVE-2026-39559 WordPress Uppercase theme < 1.2.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.6 views

CVE-2026-39556 WordPress Konsept theme <= 1.9 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Konsept = 1.9 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2026-39523 WordPress Solene Core plugin <= 2.3.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Solene Core = 2.3.2 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.8 views

CVE-2026-39442 WordPress PressMart theme <= 1.2.26 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2026-39445 WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...

8.1CVSS5.4AI score0.00395EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.8 views

CVE-2025-69175 WordPress Line Agency theme <= 1.3.1 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Line Agency = 1.3.1 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2025-69174 WordPress Etude theme <= 1.6 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Etude = 1.6 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.6 views

CVE-2025-69166 WordPress Gunslinger theme <= 1.7 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Gunslinger = 1.7 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.6 views

CVE-2025-69158 WordPress Granola theme <= 1.13 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Granola = 1.13 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.8 views

CVE-2025-69164 WordPress Skyward theme <= 1.10 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Skyward = 1.10 versions...

8.1CVSS5.8AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2025-69157 WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Gamic = 1.15 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.6 views

CVE-2025-69140 WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in SweetDate Core 1.1.5 versions...

7.1CVSS5.1AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.8 views

CVE-2025-69144 WordPress Preservation theme <= 1.10 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Preservation = 1.10 versions...

8.1CVSS5.8AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.9 views

CVE-2025-69130 WordPress Entrepreneur - Booking for Small Businesses WordPress Theme theme <= 3.1.3 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...

8.8CVSS5.4AI score0.00482EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.8 views

CVE-2025-69127 WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...

9.8CVSS5.4AI score0.00386EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.9 views

CVE-2025-69126 WordPress Fortius theme <= 2.3.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Fortius = 2.3.0 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.11 views

CVE-2025-69120 WordPress Dazzle theme <= 1.0.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Dazzle = 1.0.0 versions...

8.1CVSS5.1AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.11 views

CVE-2025-69123 WordPress Snow Club theme <= 1.1 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Snow Club = 1.1 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.11 views

CVE-2025-69115 WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme theme <= 1.2.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2025-69111 WordPress Reisen theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...

9.8CVSS5.3AI score0.00386EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.8 views

CVE-2025-69106 WordPress Imba theme <= 1.5.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Imba = 1.5.0 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.5 views

CVE-2025-68524 WordPress Avante theme < 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Avante 3.0.5 versions...

7.1CVSS5.1AI score0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.12 views

CVE-2025-59554 WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability

Unauthenticated SQL Injection in Advanced Ads – Tracking 3.0.7 versions...

9.3CVSS5.8AI score0.00383EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2025-15657 WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in School Management = 93.1.0 versions...

5.3CVSS5.2AI score0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2026-54193 WordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...

7.7CVSS5.2AI score0.00337EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:32 p.m.6 views

CVE-2025-59872 HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability,

HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system command...

4.3CVSS6AI score0.00454EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:18 p.m.8 views

CVE-2026-11975 Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface

Stored cross-site scripting XSS in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw...

6.2CVSS5.3AI score0.00256EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 12:17 p.m.8 views

CVE-2025-62340 HCL iControl was affected by Inadequate Session Timeout vulnerability

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity...

3.1CVSS5.2AI score0.00204EPSS
Exploits0References1
Total number of security vulnerabilities162168