CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/22 7:50 a.m.•7 views

CVE-2026-8684

Vulnrichment•added 2026/05/22 7:50 a.m.•8 views

Exploits0References9

CVE-2026-8684 MotoPress Hotel Booking <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification via mphb_update_booking_notes AJAX Action

EUVD•added 2026/05/22 7:50 a.m.•9 views

EUVD-2026-31417

EUVD•added 2026/05/22 7:50 a.m.•10 views

EUVD-2026-31415

The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the savewidgetcontextsettings function. This makes it possible for unauthenticated attackers to modify widget...

4.3CVSS5.7AI score0.00168EPSS

EUVD•added 2026/05/22 7:50 a.m.•14 views

EUVD-2026-31414

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

4.3CVSS5.8AI score0.00225EPSS

NVD•added 2026/05/22 5:16 a.m.•12 views

CVE-2026-4070

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...

4.3CVSS0.00164EPSS

NVD•added 2026/05/22 5:16 a.m.•13 views

CVE-2026-7249

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...

4.3CVSS0.00248EPSS

NVD•added 2026/05/22 5:16 a.m.•15 views

CVE-2026-3481

The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This is due to insufficient input sanitization and output escaping in the rendershortcodepreview function. The function receives user inpu...

6.1CVSS0.00249EPSS

ATTACKERKB•added 2026/05/22 4:29 a.m.•13 views

CVE-2026-4070

4.3CVSS5.9AI score0.00164EPSS

EUVD•added 2026/05/22 4:29 a.m.•10 views

EUVD-2026-31411

4.3CVSS5.9AI score0.00164EPSS

Cvelist•added 2026/05/22 4:29 a.m.•34 views

CVE-2026-3481 WP Blockade <= 0.9.14 - Reflected Cross-Site Scripting via 'shortcode' Parameter

6.1CVSS0.00249EPSS

CVE•added 2026/05/22 4:29 a.m.•21 views

CVE-2026-3481

The CVE-2026-3481 entry concerns the WP Blockade WordPress plugin (versions

6.1CVSS6AI score0.00249EPSS

ATTACKERKB•added 2026/05/22 3:39 a.m.•4 views

CVE-2026-7249

4.3CVSS5.8AI score0.00248EPSS

Exploits0References7

EUVD•added 2026/05/22 3:39 a.m.•14 views

EUVD-2026-31404

4.3CVSS5.8AI score0.00248EPSS

Positive Technologies•added 2026/05/22 12:0 a.m.•15 views

PT-2026-42723

Name of the Vulnerable Software and Affected Versions WP Blockade versions prior to 0.9.15 Description The plugin is subject to Reflected Cross-Site Scripting, a flaw where an application includes untrusted data in a web page without proper validation, allowing attackers to execute scripts in the...

6.1CVSS5.9AI score0.00249EPSS

Exploits0References10

Positive Technologies•added 2026/05/22 12:0 a.m.•11 views

PT-2026-42738

CNNVD•added 2026/05/22 12:0 a.m.•7 views

Exploits0References9

WordPress plugin Alfie – Feed Plugin 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00164EPSS