CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5193 matches found

Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit - Broken Access Control

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installoractivateaddonplugins function and a weak nonce hash in all...

9.8CVSS5.8AI score0.1952EPSS

Exploits0References3

WPVulnDB•added 3 days ago•4 views

DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.4.28 - Missing Authorization

Description The DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.4.28. This makes it possible for authenticated attackers, with contributor-leve...

4.3CVSS5.8AI score0.00028EPSS

Exploits0References1

NVD•added 6 days ago•5 views

CVE-2025-12714

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the updatesiteeditorhomepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00057EPSS

Exploits0References6

ATTACKERKB•added 6 days ago•4 views

CVE-2025-12714

5.3CVSS5.8AI score0.00057EPSS

Exploits0References7

Cvelist•added 6 days ago•25 views

CVE-2025-12714 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification

5.3CVSS0.00057EPSS

Exploits0References6

EUVD•added 6 days ago•5 views

EUVD-2025-209984

5.3CVSS5.8AI score0.00057EPSS

Exploits0References6

Positive Technologies•added 6 days ago•4 views

PT-2026-44796

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update site editor homepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

5.3CVSS5.8AI score0.00057EPSS

Exploits0References7

CVE•added last week•6 views

CVE-2026-8689

The CVE concerns the Visualizer: Tables and Charts Manager for WordPress plugin (WordPress) with versions up to 3.11.14. Root cause: missing capability checks on renderChartPages() and uploadData(), enabling certain AJAX actions (wp_ajax_visualizer-create-chart, wp_ajax_visualizer-edit-chart, and...

4.3CVSS5.9AI score0.00034EPSS

Exploits0References8

SUSE CVE•added last week•3 views

SUSE CVE-2026-45932

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPFPROGDETACH on tcx or netkit devices could be executed by any user when no program fd was provided, bypassing permission...

5.8AI score0.00011EPSS

Exploits0References3

EUVD•added 2026/05/28 12:30 a.m.•7 views

EUVD-2026-32678

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...

4.3CVSS5.9AI score0.0001EPSS

Exploits0References3

ATTACKERKB•added 2026/05/27 11:26 p.m.•7 views

CVE-2026-4888

4.3CVSS5.9AI score0.0001EPSS

Exploits0References3

Vulnrichment•added 2026/05/27 11:26 p.m.•4 views

CVE-2026-4888 Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending

4.3CVSS5.9AI score0.0001EPSS

Exploits0References2

EUVD•added 2026/05/27 3:33 p.m.•2 views

EUVD-2026-32216

5.8AI score0.00011EPSS

Exploits0References4

NVD•added 2026/05/27 2:17 p.m.•2 views

CVE-2026-45932

7.3CVSS0.00011EPSS

Exploits0References3

OSV•added 2026/05/27 2:17 p.m.•1 views

UBUNTU-CVE-2026-45932

7.3CVSS5.7AI score0.00011EPSS

Exploits0References3

NVD•added 2026/05/27 8:16 a.m.•10 views

CVE-2026-3279

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgradejqueryversion function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

6.5CVSS0.00032EPSS

Exploits0References5

NVD•added 2026/05/27 8:16 a.m.•7 views

CVE-2026-3895

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcaadminajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce b...

6.4CVSS0.0003EPSS

Exploits0References4

NVD•added 2026/05/27 7:16 a.m.•8 views

CVE-2026-9014

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetstats function in versions up to, and including, 1.3. The function is hooked to both the wpajaxwpp-resetstats and wpajaxnoprivwpp-resetstats actions and contains n...

5.3CVSS0.0007EPSS

Exploits0References3

Cvelist•added 2026/05/27 6:46 a.m.•45 views

CVE-2026-3279 Enable jQuery Migrate Helper <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade

6.5CVSS0.00032EPSS

Exploits0References5

Vulnrichment•added 2026/05/27 6:46 a.m.•4 views

CVE-2026-3279 Enable jQuery Migrate Helper <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade

6.5CVSS5.8AI score0.00032EPSS

Exploits0References5

Rows per page