Lucene search
K
VulnrichmentRecent

161068 matches found

Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-57362 WordPress ChatBot plugin <= 8.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in ChatBot = 8.3.2 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week12 views

CVE-2026-57361 WordPress Survey Maker plugin <= 5.2.2.5 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Survey Maker = 5.2.2.5 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-57360 WordPress eCommerce Product Catalog plugin <= 3.5.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in eCommerce Product Catalog = 3.5.4 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-57359 WordPress ReviewX plugin <= 2.3.10 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in ReviewX = 2.3.10 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-57358 WordPress Customize My Account for WooCommerce plugin <= 4.3.9 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Customize My Account for WooCommerce = 4.3.9 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-57357 WordPress Search Atlas SEO plugin <= 2.6.6 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Search Atlas SEO = 2.6.6 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-57356 WordPress MC Woocommerce Wishlist plugin <= 1.9.19 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in MC Woocommerce Wishlist = 1.9.19 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week10 views

CVE-2026-57355 WordPress Classified Listing plugin <= 5.4.2 - Broken Access Control vulnerability

Subscriber Broken Access Control in Classified Listing = 5.4.2 versions...

6.5CVSS5.8AI score0.00299EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-57354 WordPress JetReviews plugin <= 3.0.0.1 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in JetReviews = 3.0.0.1 versions...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-57353 WordPress Link Whisper Premium plugin <= 2.9.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in Link Whisper Premium = 2.9.0 versions...

6.5CVSS5.8AI score0.00299EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-57352 WordPress ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 2.2.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce = 2.2.0 versions...

4.8CVSS5.8AI score0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-57351 WordPress HandL UTM Grabber plugin <= 2.9.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in HandL UTM Grabber = 2.9.2 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-57350 WordPress WP Debugging plugin <= 2.12.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WP Debugging = 2.12.2 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-57348 WordPress Paid Member Subscriptions plugin <= 3.0.4 - Server Side Request Forgery (SSRF) vulnerability

Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...

7.2CVSS5.8AI score0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-57347 WordPress Hotel Booking Lite plugin <= 6.0.3 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Hotel Booking Lite = 6.0.3 versions...

6.5CVSS5.8AI score0.00371EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-57345 WordPress Internal Links Manager plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Internal Links Manager = 3.0.3 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-57344 WordPress Classified Listing plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.4.2 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-57343 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Real Estate 7 = 3.5.9 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week10 views

CVE-2026-57342 WordPress ShortPixel Adaptive Images plugin <= 3.11.3 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in ShortPixel Adaptive Images = 3.11.3 versions...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-49779 WordPress Tax Exempt for WooCommerce plugin <= 1.9.3 - Path Traversal vulnerability

Customer Path Traversal in Tax Exempt for WooCommerce = 1.9.3 versions...

6.5CVSS5.8AI score0.00343EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-42382 WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Audrey = 1.5 versions...

8.1CVSS5.8AI score0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-39448 WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in NOWPayments for WooCommerce = 1.4.0 versions...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-27436 WordPress Five Star Business Profile and Schema plugin <= 2.3.19 - Arbitrary Code Execution vulnerability

Editor Arbitrary Code Execution in Five Star Business Profile and Schema = 2.3.19 versions...

9.1CVSS5.9AI score0.00397EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week6 views

CVE-2026-27430 WordPress TheFox theme <= 3.9.76 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in TheFox = 3.9.76 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-27433 WordPress Motors theme <= 5.6.80 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors = 5.6.80 versions...

6.5CVSS5.8AI score0.00253EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week6 views

CVE-2026-27426 WordPress Automotive Car Dealership Business theme <= 13.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Automotive Car Dealership Business = 13.3.3 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week5 views

CVE-2026-27425 WordPress Automotive Listings plugin <= 18.6 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Automotive Listings = 18.6 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week7 views

CVE-2026-27419 WordPress Zegen theme <= 1.1.9 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Zegen = 1.1.9 versions...

9.9CVSS5.8AI score0.00362EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week6 views

CVE-2026-27414 WordPress Werkstatt theme <= 4.8.3 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Werkstatt = 4.8.3 versions...

8.8CVSS5.8AI score0.00288EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week7 views

CVE-2026-27412 WordPress Pearl - Corporate Business theme <= 3.4.10 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Pearl - Corporate Business = 3.4.10 versions...

8.1CVSS5.8AI score0.00282EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week6 views

CVE-2026-27408 WordPress NativeChurch theme <= 4.8.8.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in NativeChurch = 4.8.8.2 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-27404 WordPress LMS theme <= 9.7 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in LMS = 9.7 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-27060 WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS5.8AI score0.00288EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2025-69156 WordPress Kids Zone - Children WordPress Theme theme <= 5.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Kids Zone - Children WordPress Theme = 5.4 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2025-69155 WordPress Fitness Zone WordPress Theme theme <= 5.7 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Fitness Zone WordPress Theme = 5.7 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week7 views

CVE-2025-69154 WordPress SpaLab | Beauty Salon WordPress Theme theme <= 6.7 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in SpaLab | Beauty Salon WordPress Theme = 6.7 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week7 views

CVE-2025-69153 WordPress Trendy Travel theme <= 6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Trendy Travel = 6.7 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2025-69152 WordPress Artale | Wedding Photography WordPress theme <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Artale | Wedding Photography WordPress = 2.2.2 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2025-69134 WordPress OpenAI Chatbot for WordPress – Helper plugin <= 1.1.4 - Arbitrary Content Deletion vulnerability

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper = 1.1.4 versions...

7.5CVSS5.8AI score0.003EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2025-69133 WordPress Tourmaster plugin <= 5.4.5 - Local File Inclusion vulnerability

Subscriber Local File Inclusion in Tourmaster = 5.4.5 versions...

7.5CVSS5.8AI score0.004EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2025-69132 WordPress Corpkit theme <= 1.0.5 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Corpkit = 1.0.5 versions...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2025-69094 WordPress Unicamp theme <= 2.2.2 - SQL Injection vulnerability

Subscriber SQL Injection in Unicamp = 2.2.2 versions...

8.5CVSS5.8AI score0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week11 views

CVE-2025-66076 WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2025-58902 WordPress Lighthouse theme <= 1.2.12 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Lighthouse = 1.2.12 versions...

8.1CVSS5.9AI score0.00282EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-11946 GetEndpoints Memory Exhaustion in open62541

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

7.5CVSS5.8AI score0.00386EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-54431 Improper Data Validation in liboauth2

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-54430 Server-Site Request Forgery in liboauth2

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

5.1CVSS5.9AI score0.00121EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added last week10 views

CVE-2026-8441 WP Review Slider Pro <= 12.7.2 - Unauthenticated SQL Injection via 'notinstring' Parameter

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprploadmorerevs AJAX action in versions up to, and including, 12.7.2. The parameter is read via $POST'notinstring' and passed through sanitizetextfield — which strips HTML and...

7.5CVSS6AI score0.00374EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added last week10 views

CVE-2026-13369 Ninja Forms - File Uploads <= 3.3.29 - Unauthenticated Arbitrary File Read via File Upload Field 'files[].data.file_path' Parameter

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Arbitrary File Read via the attachfiles function in versions up to, and including, 3.3.29. This is due to the getfilesforattachment function accepting a raw attacker-controlled 'files' array when the process method returns early...

7.5CVSS6AI score0.00522EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-13251 Perfmatters <= 2.6.4 - Unauthenticated Arbitrary File Read via 's' Parameter

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

7.5CVSS5.9AI score0.0082EPSS
Exploits0References3
Total number of security vulnerabilities161068