5.4

CVSS3.1

CVE-2026-22490 - WordPress Bulk Landing Page Creator for WordPress LPagery plugin <= 2.4.9 - Broken Access Control v…

Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery lpagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through <= 2.4.9.

πŸ“… Published: Jan. 8, 2026, 4:24 p.m. πŸ”„ Last Modified: April 25, 2026, 1:58 a.m.

4.3

CVSS3.1

CVE-2026-22492 - WordPress Docket Cache plugin <= 24.07.04 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through <= 24.07.04.

πŸ“… Published: Jan. 8, 2026, 4:23 p.m. πŸ”„ Last Modified: April 25, 2026, 1:58 a.m.

5.4

CVSS3.1

CVE-2026-22517 - WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerabil…

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0.

πŸ“… Published: Jan. 8, 2026, 4:22 p.m. πŸ”„ Last Modified: April 25, 2026, 1:57 a.m.

6.1

CVSS3.1

CVE-2026-0671 - Multiple stored i18n/message-key XSSes in UploadWizard

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39.

πŸ“… Published: Jan. 8, 2026, 4:21 p.m. πŸ”„ Last Modified: April 18, 2026, 7:45 a.m.

6.5

CVSS3.1

CVE-2026-22518 - WordPress X Addons for Elementor plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through <= 1.0.23.

πŸ“… Published: Jan. 8, 2026, 4:21 p.m. πŸ”„ Last Modified: April 23, 2026, 3:36 p.m.

6.5

CVSS3.1

CVE-2026-22519 - WordPress MediaPress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev MediaPress mediapress allows Stored XSS.This issue affects MediaPress: from n/a through <= 1.6.2.

πŸ“… Published: Jan. 8, 2026, 4:19 p.m. πŸ”„ Last Modified: April 23, 2026, 3:36 p.m.

7.5

CVSS3.1

CVE-2026-22521 - WordPress Handmade Framework plugin <= 3.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in G5Theme Handmade Framework handmade-framework allows PHP Local File Inclusion.This issue affects Handmade Framework: from n/a through <= 3.9.

πŸ“… Published: Jan. 8, 2026, 4:18 p.m. πŸ”„ Last Modified: April 23, 2026, 3:36 p.m.

9

CVSS3.1

CVE-2025-59468 -

This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.

πŸ“… Published: Jan. 8, 2026, 4:18 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 3:04 p.m.

7.8

CVSS3.1

CVE-2025-55125 -

This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.

πŸ“… Published: Jan. 8, 2026, 4:18 p.m. πŸ”„ Last Modified: Jan. 12, 2026, 4:44 p.m.

9

CVSS3.1

CVE-2025-59469 -

This vulnerability allows a Backup or Tape Operator to write files as root.

πŸ“… Published: Jan. 8, 2026, 4:18 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 3:04 p.m.
Total resulsts: 348478
Page 2152 of 34,848
Β« previous page Β» next page
Filters