Lucene search
K

368753 matches found

CVE
CVE
added 4 days ago9 views

CVE-2025-69152

CVE-2025-69152 affects the Artale | Wedding Photography WordPress theme (versions

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 4 days ago12 views

CVE-2025-69134

CVE-2025-69134: WordPress OpenAI Chatbot for WordPress – Helper plugin

7.5CVSS5.8AI score0.003EPSS
Exploits0References1
CVE
CVE
added 4 days ago15 views

CVE-2025-69133

CVE-2025-69133 affects the WordPress Tourmaster plugin versions

7.5CVSS5.8AI score0.004EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2025-69132

Technical details about CVE-2025-69132 are not publicly available in the provided documents. Please monitor sources for updates regarding affected product versions, root cause, impact, and remediation.

6.5CVSS5.8AI score0.00355EPSS
Exploits0References1
CVE
CVE
added 4 days ago12 views

CVE-2025-69094

CVE-2025-69094 affects the WordPress Unicamp theme (versions

8.5CVSS5.8AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2025-66076

The CVE concerns WordPress Woostify Sites Library plugin (versions ≤ 1.6.2) with an Unauthenticated Broken Access Control vulnerability. The connected documents confirm the affected product and issue type but do not provide a remediation version or explicit exploit details. No further technical s...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 4 days ago12 views

CVE-2025-58902

CVE-2025-58902 affects the WordPress Lighthouse theme (versions <= 1.2.12). It is an unauthenticated Local File Inclusion (LFI) vulnerability in Lighthouse

8.1CVSS5.8AI score0.00282EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-11946

CVE-2026-11946 affects open62541 (1.4.0–1.4.16, 1.5.0–1.5.4, master). An unauthenticated remote attacker can exhaust server memory through GetEndpoints by sending an oversized endpointUrl in GetEndpointsRequest; length is not validated, allowing ~4.09 GB strings split across chunks, buffered in R...

7.5CVSS5.8AI score0.00386EPSS
Exploits0References3
CVE
CVE
added 4 days ago13 views

CVE-2026-54431

CVE-2026-54431 affects the liboauth2 DPoP verifier. The bug allows a DPoP proof whose JWK header embeds private key material to be accepted, violating RFC 9449 section 4.3 step 7, because the function oauth2_token_verify() returns success for a malformed DPoP proof that embeds the private EC key ...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References3
CVE
CVE
added 4 days ago14 views

CVE-2026-54430

liboauth2 is affected by a Server-Side Request Forgery in the oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads signer and kid from the unverified JWT header; if the signer matches the configured ARN, the kid is appended to alb_base_url without URL encoding or path sanitizat...

5.1CVSS5.8AI score0.00121EPSS
Exploits0References3
CVE
CVE
added 4 days ago14 views

CVE-2026-13369

CVE-2026-13369 affects the WordPress plugin Ninja Forms - File Uploads (versions up to 3.3.29). The vulnerability stems from the function chain around attach_files() → get_files_for_attachment() where a client-controlled raw files array is accepted when the process() method exits early due to a u...

7.5CVSS5.9AI score0.00522EPSS
Exploits0References4
CVE
CVE
added 4 days ago17 views

CVE-2026-8441

WP Review Slider Pro for WordPress is affected up to v12.7.2 by an unauthenticated SQL injection via the wprp_load_more_revs AJAX action. The notinstring parameter is read from $_POST, sanitized only with sanitize_text_field(), and concatenated into an unquoted numeric clause (AND id NOT IN (...)...

7.5CVSS6AI score0.00374EPSS
Exploits0References2
CVE
CVE
added 4 days ago13 views

CVE-2026-13251

The CVE-2026-13251 entry concerns the WordPress Perfmatters plugin (

7.5CVSS5.9AI score0.0082EPSS
Exploits0References3
CVE
CVE
added 4 days ago18 views

CVE-2026-9145

The CVE-2026-9145 entry describes an Arbitrary File Copy vulnerability in the Database for Contact Form 7, WPforms, and Elementor forms plugin for WordPress (≤ 1.5.1). The flaw is in the Contact Form Entries handler, which uses the raw_value from Elementor Pro’s Form_Record for upload-type fields...

6.5CVSS6AI score0.00372EPSS
Exploits0References5
CVE
CVE
added 4 days ago10 views

CVE-2026-8482

StormShield Network Security versions affected: 4.3.0–4.3.41, 4.8.0–4.8.15, and 5.0.0–5.0.5. A disclosed information-leak vulnerability arises when administration commands are executed via the CLI tool. If an attacker gains SSH access to the firewall (in SSH multiuser mode), they may obtain sensi...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
CVE
CVE
added 4 days ago12 views

CVE-2026-14029

The Groundhogg WordPress plugin (versions up to and including 4.5.8) is affected by a generic SQL Injection via the 'select' parameter. The root cause is insufficient escaping and inadequate preparation of the underlying SQL query, allowing an authenticated attacker with a custom Groundhogg role ...

6.5CVSS5.8AI score0.00441EPSS
Exploits0References10
CVE
CVE
added 4 days ago9 views

CVE-2026-10104

The Product Video Gallery for Woocommerce plugin (WordPress) is affected up to version 1.5.1.8 by a Stored Cross-Site Scripting flaw in the custom_thumbnail parameter, caused by insufficient input sanitization and output escaping. Exploitation requires shop manager-level access or higher (authent...

4.4CVSS5.9AI score0.00263EPSS
Exploits1References8
CVE
CVE
added 4 days ago10 views

CVE-2026-13252

The CVE-2026-13252 entry concerns the WordPress plugin RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator. Affected: the plugin’s handling of the aspectRatio attribute allows Stored Cross-Site Scripting due to insufficient input sanitization and output es...

6.4CVSS5.9AI score0.00274EPSS
Exploits0References6
CVE
CVE
added 4 days ago13 views

CVE-2026-12472

The CVE-2026-12472 entry concerns the Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin. It states an authorization bypass in all versions up to 6.0.11, enabling unauthenticated attackers to send arbitrary HTML-injected emails via the site’s mail server, potentially phi...

5.3CVSS5.9AI score0.00283EPSS
Exploits0References6
CVE
CVE
added 4 days ago14 views

CVE-2026-11896

The CVE-2026-11896 entry describes a flaw in the WordPress plugin “My Calendar – Accessible Event Manager” (versions up to 3.7.14). The root cause is missing validation on a user-controlled key used by the vcal parameter, enabling Insecure Direct Object Reference. This allows unauthenticated atta...

5.3CVSS5.8AI score0.00313EPSS
Exploits0References14
Rows per page
Query Builder