CVE-2026-1253
The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchatupdateauthajax' and 'atomchatupdatelayoutajax' functions in all versions up to, and including, 1.1.7. This makes it possible for...
CVE-2025-14742
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_search_recipes and ajax_get_recipe functions in all versions up to and including 10.2.3. This allows authenticated attackers with Subscriber-level acce...
CVE-2020-12077
The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces or capability checks, leading to remote code execution...
CVE-2025-1681
The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX functions in versions up to, and including, 1.6.4. This makes it possible for authenticated...
CVE-2025-12953
The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "rtclajaxaddlistingtype", "rtclajaxupdatelistingtype", and "rtclajaxdeletelistingtype" functions in all...
EUVD-2025-84361
The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "rtclajaxaddlistingtype", "rtclajaxupdatelistingtype", and "rtclajaxdeletelistingtype" functions in all...
CVE-2025-11887 Supervisor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...
PT-2025-41649
Name of the Vulnerable Software and Affected Versions: WPC Smart Wishlist for WooCommerce plugin for WordPress versions up to and including 5.0.3. Description: The software is susceptible to an Insecure Direct Object Reference issue in several wishlist AJAX functions. This is due to a lack of...
EUVD-2021-25694
Malware in sbrugna...
EUVD-2013-0742
Malware in sbrugna...
EUVD-2020-24156
Malware in sbrugna...
EUVD-2020-4971
Malware in sbrugna...
EUVD-2024-47307
Malicious code in bioql PyPI...
EUVD-2024-17534
Malicious code in bioql PyPI...
EUVD-2024-51066
Malicious code in bioql PyPI...
EUVD-2023-58944
Malicious code in bioql PyPI...
EUVD-2023-59087
Malicious code in bioql PyPI...
EUVD-2025-14636
Malicious code in bioql PyPI...
EUVD-2024-44380
Malicious code in bioql PyPI...
EUVD-2023-59162
Malicious code in bioql PyPI...