Lucene search
K

371466 matches found

CVE
CVE
added 2026/07/02 11:14 a.m.20 views

CVE-2026-27060

CVE-2026-27060 details (connected documents) : A PHP Object Injection vulnerability affects the WordPress ARMember Premium plugin (<= 7.0). The root cause is PHP Object Injection in ARMember Premium

8.8CVSS5.8AI score0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.11 views

CVE-2025-69156

CVE-2025-69156 details unauthenticated Cross Site Scripting in the WordPress Kids Zone – Children WordPress Theme, affected Versions

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.14 views

CVE-2025-69155

CVE-2025-69155 affects the Fitness Zone WordPress Theme up to version 5.7. It is described as an unauthenticated Cross Site Scripting (XSS) vulnerability in the theme, with CVSS v3.1 base score 7.1 (HIGH). Attack vector: NETWORK; Attack complexity: LOW; Privileges required: NONE; User interaction...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.16 views

CVE-2025-69154

CVE-2025-69154 affects the SpaLab | Beauty Salon WordPress Theme up to version 6.7. It is an unauthenticated Cross-Site Scripting (XSS) vulnerability in the theme. The CVSS v3.1 base score is 7.1 (HIGH) with network attack, no privileges required, user interaction required, and low impacts to con...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.13 views

CVE-2025-69153

Mode C: CVE-2025-69153 affects the WordPress Trendy Travel theme (≤ 6.7). The issue is an unauthenticated reflected XSS in the Trendy Travel theme, enabling injection of script via user interaction. Impact is listed as low for confidentiality, integrity, and availability, with a CVSS ~7.1 (NETWOR...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.14 views

CVE-2025-69152

CVE-2025-69152 affects the Artale | Wedding Photography WordPress theme (versions

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.16 views

CVE-2025-69134

CVE-2025-69134: WordPress OpenAI Chatbot for WordPress – Helper plugin

7.5CVSS5.8AI score0.003EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.21 views

CVE-2025-69133

CVE-2025-69133 affects the WordPress Tourmaster plugin versions

7.5CVSS5.8AI score0.004EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.13 views

CVE-2025-69132

Technical details about CVE-2025-69132 are not publicly available in the provided documents. Please monitor sources for updates regarding affected product versions, root cause, impact, and remediation.

6.5CVSS5.8AI score0.00355EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.16 views

CVE-2025-69094

CVE-2025-69094 affects the WordPress Unicamp theme (versions

8.5CVSS5.8AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.10 views

CVE-2025-66076

The CVE concerns WordPress Woostify Sites Library plugin (versions ≤ 1.6.2) with an Unauthenticated Broken Access Control vulnerability. The connected documents confirm the affected product and issue type but do not provide a remediation version or explicit exploit details. No further technical s...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.18 views

CVE-2025-58902

CVE-2025-58902 affects the WordPress Lighthouse theme (versions <= 1.2.12). It is an unauthenticated Local File Inclusion (LFI) vulnerability in Lighthouse

8.1CVSS5.8AI score0.00282EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 10:54 a.m.17 views

CVE-2026-11946

CVE-2026-11946 affects open62541 (1.4.0–1.4.16, 1.5.0–1.5.4, master). An unauthenticated remote attacker can exhaust server memory through GetEndpoints by sending an oversized endpointUrl in GetEndpointsRequest; length is not validated, allowing ~4.09 GB strings split across chunks, buffered in R...

7.5CVSS5.8AI score0.00386EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 10:30 a.m.22 views

CVE-2026-54431

CVE-2026-54431 affects the liboauth2 DPoP verifier. The bug allows a DPoP proof whose JWK header embeds private key material to be accepted, violating RFC 9449 section 4.3 step 7, because the function oauth2_token_verify() returns success for a malformed DPoP proof that embeds the private EC key ...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 10:30 a.m.20 views

CVE-2026-54430

liboauth2 is affected by a Server-Side Request Forgery in the oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads signer and kid from the unverified JWT header; if the signer matches the configured ARN, the kid is appended to alb_base_url without URL encoding or path sanitizat...

5.1CVSS5.8AI score0.00121EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 9:32 a.m.18 views

CVE-2026-13369

CVE-2026-13369 affects the WordPress plugin Ninja Forms - File Uploads (versions up to 3.3.29). The vulnerability stems from the function chain around attach_files() → get_files_for_attachment() where a client-controlled raw files array is accepted when the process() method exits early due to a u...

7.5CVSS5.9AI score0.00522EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 9:32 a.m.20 views

CVE-2026-8441

WP Review Slider Pro for WordPress is affected up to v12.7.2 by an unauthenticated SQL injection via the wprp_load_more_revs AJAX action. The notinstring parameter is read from $_POST, sanitized only with sanitize_text_field(), and concatenated into an unquoted numeric clause (AND id NOT IN (...)...

7.5CVSS6AI score0.00374EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 9:32 a.m.17 views

CVE-2026-13251

The CVE-2026-13251 entry concerns the WordPress Perfmatters plugin (

7.5CVSS5.9AI score0.0082EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 9:32 a.m.25 views

CVE-2026-9145

The CVE-2026-9145 entry describes an Arbitrary File Copy vulnerability in the Database for Contact Form 7, WPforms, and Elementor forms plugin for WordPress (≤ 1.5.1). The flaw is in the Contact Form Entries handler, which uses the raw_value from Elementor Pro’s Form_Record for upload-type fields...

6.5CVSS6AI score0.00372EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 8:42 a.m.14 views

CVE-2026-8482

StormShield Network Security versions affected: 4.3.0–4.3.41, 4.8.0–4.8.15, and 5.0.0–5.0.5. A disclosed information-leak vulnerability arises when administration commands are executed via the CLI tool. If an attacker gains SSH access to the firewall (in SSH multiuser mode), they may obtain sensi...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
Rows per page
Query Builder