CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/03/20 4:22 p.m.•18 views

CVE-2025-59383 Media Streaming Add-on

6.9CVSS0.00318EPSS

EUVD•added 2026/03/13 9:31 p.m.•4 views

EUVD-2026-12023

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through = 2.1.3...

5.8AI score0.00186EPSS

EUVD•added 2026/03/13 9:31 p.m.•4 views

EUVD-2026-11870

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through =...

5.8AI score0.00251EPSS

Cvelist•added 2026/03/13 11:42 a.m.•30 views

CVE-2026-32462 WordPress Master Addons for Elementor plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

5.9CVSS0.00186EPSS

ATTACKERKB•added 2026/03/13 11:42 a.m.•3 views

CVE-2026-32457

Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields Product Addons for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields Product Addons for WooCommerce:...

5.8AI score0.00174EPSS

ATTACKERKB•added 2026/03/13 11:42 a.m.•2 views

CVE-2026-32429

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through = 1.4.1...

5.8AI score0.00161EPSS

CVE•added 2026/03/13 11:42 a.m.•11 views

CVE-2026-32372

CVE-2026-32372 concerns RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons (plugin) with versions up to and including 3.2.4. The issue is described as Exposure of Sensitive System Information to an Unauthorized Control Sphere, allowing retrieval of embedded sensitive data. The provide...

5.3CVSS5.8AI score0.00251EPSS

Positive Technologies•added 2026/03/13 12:0 a.m.•5 views

PT-2026-25304

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact...

5.8AI score0.00137EPSS

Cvelist•added 2026/03/11 7:36 a.m.•29 views

CVE-2026-2917 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...

5.4CVSS0.00193EPSS

Exploits0References6

RedhatCVE•added 2026/03/11 7:8 a.m.•4 views

CVE-2026-1920

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ExtensionController::updateitempermissionscheck' function in all versions up to, and including, 1.0.16. This...

RedhatCVE•added 2026/03/11 7:8 a.m.•3 views

CVE-2026-0953

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...

9.8CVSS5.8AI score0.00655EPSS

Patchstack•added 2026/03/10 9:38 p.m.•4 views

WordPress Booktics plugin <= 1.0.16 - Missing Authorization to Addon Plugin Installation vulnerability

Missing Authorization to Addon Plugin Installation vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Booktics versions = 1.0.16...

Exploits0References1Affected Software1

EUVD•added 2026/03/10 6:31 p.m.•3 views

EUVD-2026-10468

EUVD•added 2026/03/10 6:31 p.m.•3 views

Exploits0References4

EUVD-2026-10473

9.8CVSS5.8AI score0.00655EPSS

NVD•added 2026/03/10 5:32 p.m.•3 views

CVE-2026-1920

5.3CVSS0.00232EPSS

Cvelist•added 2026/03/10 2:21 a.m.•26 views

CVE-2026-1920 Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation

5.3CVSS0.00232EPSS

Vulnrichment•added 2026/03/10 2:21 a.m.•1 views

CVE-2026-1920 Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation

CVE•added 2026/03/10 2:21 a.m.•8 views

CVE-2026-1920

CVE-2026-1920 affects the WordPress plugin Booktics (Booking Calendar for Appointments and Service Businesses) up to version 1.0.16. The root cause is a missing capability check in Extension_Controller::update_item_permissions_check, allowing unauthenticated attackers to install addon plugins and...

Positive Technologies•added 2026/03/10 12:0 a.m.•2 views

PT-2026-24175

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension Controller::update item permissions check' function in all versions up to, and including, 1.0.16. Thi...