Lucene search
K
VulnrichmentRecent

162703 matches found

Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.9 views

CVE-2026-34888 WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...

7.5CVSS5.2AI score0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.8 views

CVE-2026-27410 WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerability

Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...

6.5CVSS5.2AI score0.00252EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.8 views

CVE-2026-27400 WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...

8.6CVSS5.2AI score0.0054EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2026-27041 WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upload vulnerability

Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...

9.9CVSS5.2AI score0.00319EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.4 views

CVE-2026-25446 WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.8 views

CVE-2026-25439 WordPress Booknetic plugin <= 4.8.5 - Account Takeover vulnerability

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

8.1CVSS5.2AI score0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.11 views

CVE-2026-24611 WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in MetForm Pro = 3.9.1 versions...

9.1CVSS5.1AI score0.00437EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2026-24610 WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in MetForm Pro = 3.9.1 versions...

4.3CVSS5.2AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2026-24575 WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...

4.3CVSS5.1AI score0.00259EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2026-22343 WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WordPress Dating Theme = 11.2.0 versions...

8.6CVSS5.1AI score0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2026-22342 WordPress WordPress Dating Theme theme <= 11.2.0 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability

Unauthenticated Cross Site Request Forgery CSRF in WordPress Dating Theme = 11.2.0 versions...

8.8CVSS5.2AI score0.00184EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.8 views

CVE-2026-22339 WordPress WPJobster theme <= 6.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WPJobster = 6.3.5 versions...

7.1CVSS5.2AI score0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.9 views

CVE-2026-22338 WordPress EcoBlue theme <= 1.15 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.9 views

CVE-2026-22335 WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...

8.5CVSS5.9AI score0.00347EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2026-22334 WordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerability

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.11 views

CVE-2026-22332 WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2026-22331 WordPress AutoParts theme <= 1.5.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in AutoParts = 1.5.8 versions...

8.1CVSS5.2AI score0.00363EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2026-22330 WordPress Right Way theme <= 4.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Right Way = 4.0 versions...

8.1CVSS5.2AI score0.00363EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2026-22329 WordPress Skillate theme <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Skillate = 1.2.10 versions...

7.1CVSS5.2AI score0.00186EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2026-22328 WordPress Auto Repair theme <= 22.6 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Auto Repair = 22.6 versions...

7.1CVSS5.1AI score0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.19 views

CVE-2026-22327 WordPress Restaurt theme <= 1.0.4 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Restaurt = 1.0.4 versions...

9.9CVSS5.2AI score0.00465EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.5 views

CVE-2026-22326 WordPress Reprizo theme <= 1.0.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Reprizo = 1.0.8 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.5 views

CVE-2026-22325 WordPress Promo theme <= 1.3.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...

8.1CVSS5.2AI score0.00363EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2026-9690 WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.8 views

CVE-2025-69179 WordPress Support Ticket Management System plugin <= 1.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Support Ticket Management System = 1.9 versions...

9.8CVSS5.2AI score0.0045EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2025-69173 WordPress Tipsy theme <= 1.1 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Tipsy = 1.1 versions...

8.1CVSS5.1AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2025-69172 WordPress Resurs theme <= 1.3 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Resurs = 1.3 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2025-69171 WordPress Orpheus theme <= 1.3 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.5 views

CVE-2025-69161 WordPress Snowy theme <= 1.13 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Snowy = 1.13 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.9 views

CVE-2025-69148 WordPress Quirky theme <= 1.23 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Quirky = 1.23 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2025-69138 WordPress Genemy theme <= 1.6.6 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Genemy = 1.6.6 versions...

8.8CVSS5.1AI score0.00389EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2025-69145 WordPress Gat theme <= 1.16 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Gat = 1.16 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.10 views

CVE-2025-69135 WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...

8.5CVSS5.8AI score0.00342EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2025-69129 WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

10CVSS5.2AI score0.00432EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2025-69117 WordPress Ingenioso theme <= 1.14.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Ingenioso = 1.14.0 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.9 views

CVE-2025-69110 WordPress AirSupply theme <= 2.0.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in AirSupply = 2.0.0 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.8 views

CVE-2025-60223 WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...

7.7CVSS5.2AI score0.0045EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2025-60218 WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Upload Vulnerability

Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...

9.9CVSS5.2AI score0.00447EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2025-60205 WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in ThemeREX Addons = 2.36.1.1 versions...

9.8CVSS5.8AI score0.00525EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2025-59563 WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...

8.8CVSS5.2AI score0.00378EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2025-59560 WordPress Sonaar theme <= 4.27.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Sonaar = 4.27.4 versions...

7.1CVSS5.2AI score0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2025-58953 WordPress Joly theme <= 1.22.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Joly = 1.22.0 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2025-58952 WordPress Neuronet theme < 1.14.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Neuronet 1.14.0 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2024-49269 WordPress my flatonica theme <= 0.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in my flatonica = 0.0.8 versions...

7.1CVSS5.2AI score0.00241EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:30 a.m.7 views

CVE-2026-12165 Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

8.8CVSS5.3AI score0.00408EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/17 9:30 a.m.9 views

CVE-2026-12115 Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level...

6.6CVSS6.1AI score0.00535EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/17 9:0 a.m.8 views

CVE-2026-47340 Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

5.4AI score0.00433EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 8:57 a.m.7 views

CVE-2026-32967 Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

5.2AI score0.00337EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 8:56 a.m.7 views

CVE-2026-42357 Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

5.2AI score0.00312EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 8:55 a.m.8 views

CVE-2026-41280 Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

5AI score0.00437EPSS
Exploits0References1
Total number of security vulnerabilities162703