Lucene search
+L
VulnrichmentRecent

163619 matches found

vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.10 views

CVE-2026-39492 WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...

9.3CVSS5.7AI score0.00363EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.10 views

CVE-2026-39491 WordPress JupiterX Core plugin <= 4.14.1 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in JupiterX Core = 4.14.1 versions...

6.5CVSS5.1AI score0.00229EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.10 views

CVE-2026-39489 WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability

Author Arbitrary File Download in Download Monitor = 5.1.9 versions...

4.4CVSS5.2AI score0.00337EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.9 views

CVE-2026-39481 WordPress Modula Image Gallery plugin <= 2.14.18 - PHP Object Injection vulnerability

Author PHP Object Injection in Modula Image Gallery = 2.14.18 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.8 views

CVE-2026-39480 WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Backup Migration = 2.1.1 versions...

7.5CVSS5.2AI score0.00376EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.7 views

CVE-2026-39474 WordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Post Duplicator = 3.0.10 versions...

8.8CVSS5.3AI score0.00428EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.7 views

CVE-2026-39478 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...

8.8CVSS5.3AI score0.00428EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.6 views

CVE-2026-39472 WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips 5.9.0 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.7 views

CVE-2026-39471 WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability

Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...

7.2CVSS5.4AI score0.00446EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.8 views

CVE-2026-39470 WordPress WooCommerce Cart Abandonment Recovery plugin < 2.1.0 - Privilege Escalation vulnerability

Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery 2.1.0 versions...

7.2CVSS5.2AI score0.00382EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.11 views

CVE-2026-39468 WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...

6.8CVSS5.2AI score0.00355EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.6 views

CVE-2026-39465 WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE) vulnerability

Editor Remote Code Execution RCE in Responsive Slider by MetaSlider = 3.106.0 versions...

9.1CVSS5.5AI score0.0068EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.7 views

CVE-2026-39463 WordPress ManageWP Worker plugin <= 4.9.31 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in ManageWP Worker = 4.9.31 versions...

7.1CVSS5.1AI score0.0023EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.7 views

CVE-2026-39451 WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WP Google Review Slider = 18.0 versions...

6.3CVSS5.1AI score0.00175EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.8 views

CVE-2026-39450 WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability

Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...

7.1CVSS5.2AI score0.00385EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.7 views

CVE-2026-39449 WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Contact Form to Any API = 3.0.3 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.11 views

CVE-2026-39447 WordPress Simply Schedule Appointments plugin <= 1.6.10.6 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.10.6 versions...

7.1CVSS5.1AI score0.00237EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.6 views

CVE-2026-39435 WordPress CformsII plugin <= 15.1.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in CformsII = 15.1.3 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.11 views

CVE-2026-39441 WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.6 views

CVE-2026-39434 WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.10 views

CVE-2026-34902 WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WooCommerce Product Table Lite = 4.6.3 versions...

7.1CVSS5.2AI score0.00175EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.6 views

CVE-2026-34901 WordPress iControlWP plugin <= 5.5.3 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...

9.8CVSS5.2AI score0.00321EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.10 views

CVE-2026-34900 WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in GiveWP = 4.14.2 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.8 views

CVE-2026-34898 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...

7.5CVSS5.1AI score0.00246EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.21 views

CVE-2026-34892 WordPress Rank Math SEO plugin <= 1.0.271 - Broken Access Control vulnerability

Subscriber Broken Access Control in Rank Math SEO = 1.0.271 versions...

6.5CVSS5.1AI score0.00271EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.8 views

CVE-2026-34891 WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...

7.5CVSS5.2AI score0.00303EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.9 views

CVE-2026-34886 WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

7.5CVSS5.2AI score0.00251EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.12 views

CVE-2026-27407 WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability

Editor Privilege Escalation in AI Engine = 3.4.9 versions...

7.2CVSS5.2AI score0.00393EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.9 views

CVE-2026-27333 WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Deserialization of untrusted data vulnerability

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...

8.1CVSS5.2AI score0.00317EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.9 views

CVE-2026-27089 WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in WpTravelly = 2.1.7 versions...

7.5CVSS5.2AI score0.00267EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.7 views

CVE-2026-27053 WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Broadcast Live Video 7.1.3 versions...

9.8CVSS5.3AI score0.00386EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.7 views

CVE-2026-25440 WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Essential Addons for Elementor 6.6.0 versions...

5.3CVSS5.1AI score0.00214EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.9 views

CVE-2026-25425 WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...

7.5CVSS5.2AI score0.00372EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.7 views

CVE-2026-24637 WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability

Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...

8.5CVSS5.7AI score0.00253EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.8 views

CVE-2026-9691 WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...

9.8CVSS5.3AI score0.00476EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.7 views

CVE-2026-23970 WordPress Redirection for Contact Form 7 plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Redirection for Contact Form 7 = 3.2.8 versions...

7.1CVSS5.1AI score0.00237EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.10 views

CVE-2025-69332 WordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in Bookify = 1.1.1 versions...

6.5CVSS5.1AI score0.00326EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.8 views

CVE-2025-68851 WordPress Okay Toolkit plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...

7.1CVSS5.1AI score0.00186EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.8 views

CVE-2025-68872 WordPress Eli's WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Elis WordCents adSense Widget with Analytics = 1.3.03.27 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.7 views

CVE-2025-68840 WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.7 views

CVE-2025-68049 WordPress bunny.net plugin <= 2.3.6 - Broken Access Control vulnerability

Subscriber Broken Access Control in bunny.net = 2.3.6 versions...

6.3CVSS5.1AI score0.00242EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.8 views

CVE-2025-60175 WordPress PopAd Plugin <= 1.0.4 - Server Side Request Forgery (SSRF) Vulnerability

Administrator Server Side Request Forgery SSRF in PopAd = 1.0.4 versions...

4.4CVSS5.2AI score0.00168EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:17 p.m.8 views

CVE-2025-59133 WordPress Projectopia plugin <= 5.1.25.2 - Insecure Direct Object References (IDOR) vulnerability

Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...

7.5CVSS5.2AI score0.00287EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:13 p.m.17 views

CVE-2026-48709 OliveTin: ValidateArgumentType API Endpoint Missing Authentication Allows Action and Argument Enumeration

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any authentication or authorization checks. Unlike all other data-returning API endpoints, it does not cal...

3.7CVSS5.8AI score0.00328EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/15 7:59 p.m.12 views

CVE-2026-48708 OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance tpl package-level variable in service/internal/tpl/templates.go across all goroutines. Every action execution calls...

7.5CVSS5.7AI score0.00401EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/15 7:56 p.m.9 views

CVE-2026-48124 Cursor Desktop sandbox escape via Claude hook configuration

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...

8.5CVSS5.5AI score0.00144EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 7:47 p.m.6 views

CVE-2026-47261 Wasmtime: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...

7.5CVSS5.2AI score0.00357EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/15 7:34 p.m.6 views

CVE-2026-47825 Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...

8.6CVSS5.2AI score0.00139EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 7:18 p.m.7 views

CVE-2026-48518 MultiJuicer: Login CSRF allows attacker to force victims into their team

MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint POST /multi-juicer/api/teams/team/join accepted requests with any Content-Type, including text/plain. Because tha...

4.3CVSS5.1AI score0.00172EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/15 7:15 p.m.6 views

CVE-2026-52718 Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byte/bit confusion

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS5.3AI score0.0031EPSS
Exploits0References5
Total number of security vulnerabilities163619