Lucene search
K

370190 matches found

CVE
CVE
added 2026/07/01 5:22 a.m.18 views

CVE-2026-12579

Technical details (affected products, root cause, remediation) are not publicly available in the provided documents. Monitor for updates from vendors and CVE/NVD entries.

7.4CVSS5.8AI score0.00273EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 4:32 a.m.11 views

CVE-2026-11380

The CVE-2026-11380 entry concerns the WordPress plugin JetWidgets For Elementor. Affected: JetWidgets For Elementor (WordPress) versions up to and including 1.0.21. Vulnerability: Stored Cross-Site Scripting due to insufficient output escaping and missing server-side validation of the Animated Bo...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:32 a.m.16 views

CVE-2026-11988

CVE-2026-11988 affects LearnPress

6.5CVSS5.8AI score0.00275EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 4:32 a.m.23 views

CVE-2026-6070

The WP-BusinessDirectory WordPress plugin (versions up to and including 4.0.1) is vulnerable to unauthenticated arbitrary file deletion via path traversal. The issue stems from insufficient path validation in the remove() method of JBusinessDirectoryControllerUpload. The task=upload.remove endpoi...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 4:32 a.m.11 views

CVE-2026-12127

WPForms – Easy Form Builder for WordPress (WordPress plugin WPForms Lite) versions up to 1.10.2 are vulnerable to CRLF header injection in outgoing notification emails. The root cause is improper neutralization of CRLF sequences: get_reply_to_address() expands the Reply-To display name with conte...

5.3CVSS5.9AI score0.00343EPSS
Exploits0References11
CVE
CVE
added 2026/07/01 4:32 a.m.11 views

CVE-2026-12113

The WordPress plugin Appointment Booking Calendar (versions

4.3CVSS5.8AI score0.00228EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 4:32 a.m.14 views

CVE-2026-2387

The CVE-2026-2387 entry concerns the WordPress Event Organiser plugin (versions up to and including 3.12.9). The vulnerability is a Stored Cross-Site Scripting flaw in the eo_events shortcode: attacker-controlled no_events content is rendered in event list templates without output escaping, allow...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:32 a.m.18 views

CVE-2026-11981

The CVE-2026-11981 entry concerns the WordPress GiveWP plugin (affected: versions up to 4.15.3) with a Cross-Site Request Forgery vulnerability due to missing nonce validation in give_set_notification_status_handler(). This allows unauthenticated attackers to disable donation email notifications ...

4.3CVSS5.6AI score0.00154EPSS
Exploits0References9
CVE
CVE
added 2026/07/01 4:32 a.m.18 views

CVE-2026-7517

The CVE-2026-7517 entry concerns the Custom Payment Gateways for WooCommerce WordPress plugin. It is vulnerable to Stored Cross-Site Scripting via the alg_wc_cpg_input_fields parameter in all versions up to 2.1.0 due to insufficient input sanitization and output escaping. Exploitation is possible...

7.2CVSS5.9AI score0.00247EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 4:2 a.m.13 views

CVE-2026-55407

Technical details for CVE-2026-55407 are not publicly available in the provided documents. No affected products, impact, or remediation are disclosed. Monitor for updates and additional connected sources.

Exploits0References8
CVE
CVE
added 2026/07/01 3:59 a.m.14 views

CVE-2026-58519

CVE-2026-58519 describes an Stored XSS in The Wikimedia Foundation MediaWiki Cargo Extension caused by improper neutralization of input during web page generation. Affected software is MediaWiki Cargo Extension prior to version 3.9.1. The connected sources confirm the vulnerability and its scope ...

6.9CVSS5.8AI score0.00134EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 3:52 a.m.19 views

CVE-2026-58518

The CVE-2026-58518 entry describes a CSRF vulnerability in the MediaWiki RedirectManager Extension prior to version 1.3.3. The affected component is the RedirectManager Extension for MediaWiki; the documented impact is Cross-Site Request Forgery, but no exploitation details, specific vulnerable f...

6.9CVSS5.8AI score0.00088EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 3:43 a.m.13 views

CVE-2026-12135

The CVE-2026-12135 entry concerns the FV Flowplayer Video Player plugin for WordPress. Affected versions are all releases up to 7.5.51.7212, where a Stored Cross-Site Scripting vulnerability exists in the video_player shortcode align attribute due to insufficient input sanitization and output esc...

6.4CVSS5.9AI score0.00205EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 3:43 a.m.13 views

CVE-2026-12090

The Taskbuilder WordPress plugin (Taskbuilder – Project Management & Task Management Tool With Kanban Board) is affected by a generic SQL Injection via the wppm_proj_filter parameter in all versions up to 5.0.8. The root cause is insufficient escaping of the user-supplied parameter and an inadequ...

6.5CVSS5.9AI score0.00319EPSS
Exploits0References9
CVE
CVE
added 2026/07/01 3:43 a.m.17 views

CVE-2026-12923

The Youtube Showcase plugin for WordPress (up to version 4.0.3) is vulnerable to an Arbitrary Function Call via the 'path' parameter in the emd_delete_file() AJAX handler (includes/common-functions.php). A user-supplied value is sanitized, has its trailing '_PLUGIN_DIR' stripped, and is then invo...

7.5CVSS5.9AI score0.00319EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 3:43 a.m.17 views

CVE-2026-12902

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor (WordPress) contains an authorization bypass in all versions up to 3.7.7. Authenticated attackers with contributor-level access can create arbitrary Media Library attachments by downloading remote images into the uploads directory via wp_...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References10
CVE
CVE
added 2026/07/01 3:43 a.m.17 views

CVE-2026-13015

The CVE-2026-13015 entry applies to the WordPress plugin “Wp Google Places Review Slider” (versions up to and including 18.1). The vulnerability is a Reflected Cross-Site Scripting (XSS) in admin/partials/googlecrawl_dfs.php via the 'place' GET parameter. The value from $_GET['place'] is URL-deco...

6.1CVSS5.9AI score0.00211EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 3:43 a.m.23 views

CVE-2026-12110

CVE-2026-12110 relates to the WordPress plugin Taskbuilder – Project Management & Task Management Tool With Kanban Board. All versions up to 5.0.8 are affected by a generic SQL Injection in the task_search parameter caused by insufficient escaping and lack of proper query preparation. This allows...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References11
CVE
CVE
added 2026/07/01 3:43 a.m.18 views

CVE-2026-9107

The CVE-2026-9107 entry concerns the Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin. A Stored Cross-Site Scripting vulnerability exists via the meta[kaliforms_field_components] parameter in all versions up to 2.4.13, caused by insufficient input sanitization and output escapin...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References10
CVE
CVE
added 2026/07/01 3:43 a.m.13 views

CVE-2026-13443

The CVE-2026-13443 entry concerns the WordPress plugin Tutor LMS (eLearning and online course solution). Affected: all versions up to and including 3.9.13. Issue: Stored Cross-Site Scripting via the Lesson Attachment Title due to insufficient input sanitization and output escaping. Impact: authen...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References8
Rows per page
Query Builder