Busca de CVEs

365.395 resultados
CVE-2026-9709HIGHThemeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta DisclosureEPSS 0.2%CVE-2026-10753LOWSite Kit by Google < 1.176.0 - Editor+ Email Reporting Settings UpdateEPSS 0.2%CVE-2026-10749HIGHPost Duplicator < 3.0.15 - Contributor+ PHP Object Injection via customMetaDataEPSS 0.3%CVE-2026-10735HIGHShapedPlugin Multiple Pro Plugins - Backdoor via Compromised Vendor Update ServerEPSS 0.4%CVE-2026-10531MEDIUMAI Share & Summarize < 2.0.4 - Contributor+ Stored XSS via title_style Shortcode AttributeEPSS 0.1%CVE-2026-13006HIGHIncomplete protection against CVE-2025-11226EPSS 0.1%CVE-2026-8690MEDIUMRentMy Real-Time Rental Management Plugin <= 4.0.4.1 - Missing Authorization to Unauthenticated Settings Update via rentmy_cdn_request AJAX ActionEPSS 0.3%CVE-2026-9178HIGHWP Forms Connector <= 1.8 - Missing Authorization to Unauthenticated Information Exposure via 'user/list' REST EndpointEPSS 0.3%CVE-2026-11997MEDIUMBulk SEO Image <= 1.1 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2026-8622MEDIUMImage Sizes on Demand <= 1.3 - Reflected Cross-Site Scripting via PHP_SELF Server VariableEPSS 0.2%CVE-2026-9612MEDIUMWhatsOrder <= 1.0.1 - Unauthenticated Sensitive Information Exposure via Predictable Invoice File URLsEPSS 0.3%CVE-2026-8688MEDIUMAdvance Nav Menu Manager <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification via anmm_save_menu_data AJAX ActionEPSS 0.2%CVE-2026-9620MEDIUMWP Latest Posts <= 5.0.11 - Authenticated (Author+) Stored Cross-Site Scripting via Post Content Image src AttributeEPSS 0.2%CVE-2026-8865MEDIUMAvalon23 Products Filter for WooCommerce <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode AttributesEPSS 0.2%CVE-2026-8896MEDIUMMIR blocks and shortcodes <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode AttributesEPSS 0.2%CVE-2026-9183MEDIUM24liveblog <= 2.2 - Authenticated (Contributor+) Exposure of Sensitive Information via Block Editor Script LocalizationEPSS 0.2%CVE-2026-12416CRITICALInvoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' ParameterEPSS 0.4%CVE-2026-12417CRITICALSignUp & SignIn <= 1.0.0 - Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account TakeoverEPSS 0.5%CVE-2026-9643HIGHWP Meta SEO <= 4.5.18 - Unauthenticated Stored Cross-Site Scripting via REQUEST_URI in 404 LoggingEPSS 0.2%CVE-2026-9172MEDIUMDevs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion via /delete-account/ REST EndpointEPSS 0.2%