CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 5 hours ago•6 views

EUVD-2019-20199

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...

9.8CVSS5.9AI score

NVD•added 4 days ago•10 views

CVE-2026-9187

The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the actionremoveabandoned function, which is registered to both the...

5.3CVSS0.00228EPSS

CVE•added 4 days ago•6 views

CVE-2026-9187

The Abandoned Contact Form 7 plugin for WordPress (

5.3CVSS5.5AI score0.00228EPSS

Positive Technologies•added 4 days ago•8 views

PT-2026-49620

The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the action remove abandoned function, which is registered to both the wp ajax...

5.3CVSS5.5AI score0.00228EPSS

Vulnrichment•added 5 days ago•4 views

CVE-2016-20068 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

8.8CVSS6.2AI score0.00302EPSS

CVE•added 5 days ago•5 views

CVE-2016-20068

The CVE-2016-20068 entry details an unauthenticated blind SQL injection in WordPress Booking Calendar Contact Form 1.0.23. The vulnerability is triggered via admin-ajax.php with action set to dex_bccf_calendar_ajaxevent, using a crafted value in the id parameter to extract sensitive database info...

8.8CVSS6.3AI score0.00302EPSS

Cvelist•added 5 days ago•29 views

CVE-2016-20068 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

8.8CVSS0.00302EPSS

EUVD•added 5 days ago•3 views

EUVD-2016-10897

8.8CVSS6.2AI score0.00302EPSS

Cvelist•added 5 days ago•29 views

CVE-2016-20070 WordPress Booking Calendar Contact Form 1.0.23 Privilege Escalation Stored XSS

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with...

6.4CVSS0.00231EPSS

CVE•added 5 days ago•4 views

CVE-2016-20070

CVE-2016-20070 affects WordPress plug‑in Booking Calendar Contact Form 1.0.23 . The vulnerability comprises a privilege escalation and a stored XSS flaw that allows authenticated, subscriber‑level users to modify plugin options and inject XSS payloads. Payloads can be supplied via parameters such...

6.4CVSS5.3AI score0.00231EPSS

EUVD•added 5 days ago•7 views

EUVD-2026-36697

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title,...

5.3CVSS5.3AI score0.00192EPSS

Vulnrichment•added 5 days ago•6 views

CVE-2026-8385 WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Datatables AJAX Fallback

5.2AI score0.00192EPSS

Cvelist•added 5 days ago•35 views

CVE-2026-8385 WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Datatables AJAX Fallback

0.00192EPSS

Positive Technologies•added 5 days ago•8 views

PT-2026-49206

8.8CVSS6.2AI score0.00302EPSS

RedhatCVE•added 2026/06/10 8:59 a.m.•7 views

CVE-2026-11603

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00205EPSS

NVD•added 2026/06/09 1:16 p.m.•10 views

CVE-2017-20244

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php...

8.8CVSS0.0027EPSS

NVD•added 2026/06/09 1:16 p.m.•6 views

CVE-2017-20245

Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payload...

8.8CVSS0.0027EPSS

NVD•added 2026/06/09 1:16 p.m.•6 views

CVE-2016-20065

Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the...

8.8CVSS0.0027EPSS

Vulnrichment•added 2026/06/09 11:48 a.m.•7 views

CVE-2017-20245 Wow Viral Signups 2.1 WordPress Plugin SQL Injection

8.8CVSS5.8AI score0.0027EPSS