108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Unauthenticated Cross Site Scripting (XSS) in Modula - PRO <= 2.10.8 versions.
Unauthenticated Cross Site Scripting (XSS) in WPAdverts <= 2.3.1 versions.
Unauthenticated Cross Site Scripting (XSS) in ChatBot <= 8.3.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Survey Maker <= 5.2.2.5 versions.
Unauthenticated Cross Site Scripting (XSS) in eCommerce Product Catalog <= 3.5.4 versions.
Unauthenticated Cross Site Scripting (XSS) in ReviewX <= 2.3.10 versions.
Unauthenticated Cross Site Scripting (XSS) in Customize My Account for WooCommerce <= 4.3.9 versions.
Unauthenticated Cross Site Scripting (XSS) in Search Atlas SEO <= 2.6.6 versions.
Unauthenticated Cross Site Scripting (XSS) in MC Woocommerce Wishlist <= 1.9.19 versions.
Subscriber Broken Access Control in Classified Listing <= 5.4.2 versions.
Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 versions.
Subscriber Broken Access Control in Link Whisper Premium <= 2.9.0 versions.
Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce <= 2.2.0 versions.
Unauthenticated Cross Site Scripting (XSS) in HandL UTM Grabber <= 2.9.2 versions.
Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 2.12.2 versions.
Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS Feed Fetcher <= 2.8.17 versions.
Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.
Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 6.0.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Internal Links Manager <= 3.0.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Real Estate 7 <= 3.5.9 versions.
Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.
Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3.
Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.
Unauthenticated Local File Inclusion in Audrey <= 1.5 versions.
Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.
Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.
Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.
Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions.
Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.
Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.
Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions.
Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.
Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.
Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions.
Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.
u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components
An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. …
Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions.
Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions.
Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions.
Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions.
Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.
Subscriber SQL Injection in Unicamp <= 2.2.2 versions.
Unauthenticated Broken Access Control in Woostify Sites Library <= 1.6.2 versions.
Free website and port scanning — find vulnerabilities before attackers do.