CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

61 matches found

Patchstack•added 2026/02/02 4:28 a.m.•5 views

WordPress CubeWP plugin <= 1.1.27 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin CubeWP versions = 1.1.27...

5.3CVSS5.9AI score0.00069EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/01/30 5:52 a.m.•4 views

WordPress CubeWP plugin <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php vulnerability

Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php vulnerability discovered by stealthcopter in WordPress Plugin CubeWP versions = 1.1.27...

4.3CVSS5.9AI score0.00068EPSS

Exploits0References1Affected Software1

NVD•added 2026/01/25 3:15 a.m.•3 views

CVE-2025-6461

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS0.00068EPSS

Exploits0References2

ATTACKERKB•added 2026/01/25 2:22 a.m.•3 views

CVE-2025-6461

4.3CVSS5.9AI score0.00068EPSS

Exploits0References3

EUVD•added 2026/01/25 2:22 a.m.•4 views

EUVD-2026-4642

4.3CVSS5.6AI score0.00068EPSS

Exploits0References3

RedhatCVE•added 2026/01/18 8:3 a.m.•4 views

CVE-2025-12129

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS6.2AI score0.00069EPSS

Exploits0References1

Cvelist•added 2026/01/17 7:27 a.m.•20 views

CVE-2025-12129 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Information Exposure

5.3CVSS0.00069EPSS

Exploits0References2

Positive Technologies•added 2026/01/17 12:0 a.m.•2 views

PT-2026-3353

5.3CVSS6.2AI score0.00069EPSS

Exploits0References3

EUVD•added 2025/12/30 12:32 a.m.•1 views

EUVD-2025-205673

Missing Authorization vulnerability in Emraan Cheema CubeWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through 1.1.27...

7.5CVSS6.5AI score0.00039EPSS

Exploits0References2

NVD•added 2025/12/30 12:15 a.m.•1 views

CVE-2025-68036

Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through = 1.1.27...

7.5CVSS0.00039EPSS

Exploits0References1

CNNVD•added 2025/12/30 12:0 a.m.•1 views

WordPress plugin CubeWP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.5CVSS5.8AI score0.00039EPSS

Exploits0References2

Cvelist•added 2025/12/29 11:26 p.m.•24 views

CVE-2025-68036 WordPress CubeWP plugin <= 1.1.27 - Broken Access Control vulnerability

Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through = 1.1.27...

7.5CVSS0.00039EPSS

Exploits0References1

Positive Technologies•added 2025/12/29 12:0 a.m.•1 views

PT-2025-53813

Name of the Vulnerable Software and Affected Versions CubeWP versions through 1.1.27 Description A missing authorization issue exists in CubeWP, allowing access to functionality that is not properly restricted by Access Control Lists ACLs. This could allow unauthorized access to certain features ...

7.5CVSS6.5AI score0.00039EPSS

Exploits0References6

Patchstack•added 2025/12/26 7:16 a.m.•3 views

WordPress CubeWP plugin <= 1.1.27 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin CubeWP versions = 1.1.27...

7.5CVSS6.7AI score0.00039EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/11/12 12:6 p.m.•4 views

CVE-2025-12788

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to missing payment verification to unauthenticated payment bypass in all versions up to, and including, 1.1.27. This is due to the plugin accepting client-controlled payment confirmation data in the...

5.3CVSS5.9AI score0.00155EPSS

Exploits0References1

RedhatCVE•added 2025/11/12 12:6 p.m.•2 views

CVE-2025-12787

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhbmeetingformsubmitcallback" function using insufficiently random values to generate...

5.3CVSS6.1AI score0.00123EPSS

Exploits0References1

NVD•added 2025/11/11 11:15 a.m.•2 views

CVE-2025-12787

5.3CVSS0.00123EPSS

Exploits0References2

NVD•added 2025/11/11 11:15 a.m.•2 views

CVE-2025-12788

5.3CVSS0.00155EPSS

Exploits0References2

Cvelist•added 2025/11/11 11:3 a.m.•4 views

CVE-2025-12788 Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Missing Payment Verification to Unauthenticated Payment Bypass

5.3CVSS0.00155EPSS

Exploits0References2

Vulnrichment•added 2025/11/11 11:3 a.m.•2 views

5.3CVSS5.6AI score0.00155EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by