CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/15 7:46 a.m.•17 views

EUVD-2026-30515

6.5CVSS5.8AI score0.00262EPSS

NVD•added 2026/05/15 7:16 a.m.•19 views

CVE-2026-4094

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.1CVSS0.00273EPSS

Positive Technologies•added 2026/05/15 12:0 a.m.•10 views

PT-2026-41268

Name of the Vulnerable Software and Affected Versions FOX – Currency Switcher Professional for WooCommerce versions prior to 1.4.6 Description The plugin is susceptible to unauthorized data loss because the admin head function lacks a proper capability check. Authenticated users with...

8.1CVSS5.8AI score0.00273EPSS

Exploits0References8

NVD•added 2026/05/13 2:17 p.m.•5 views

CVE-2026-4609

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS0.00219EPSS

EUVD•added 2026/05/13 1:27 p.m.•41 views

EUVD-2026-29954

7.1CVSS5.8AI score0.00219EPSS

ATTACKERKB•added 2026/05/13 1:27 p.m.•3 views

CVE-2026-4609

7.1CVSS5.8AI score0.00219EPSS

Exploits0References5

NVD•added 2026/05/13 1:1 p.m.•6 views

CVE-2026-2515

The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...

5.3CVSS0.00252EPSS

Vulnrichment•added 2026/05/13 8:26 a.m.•3 views

CVE-2026-2515 Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update

ATTACKERKB•added 2026/05/13 8:26 a.m.•6 views

CVE-2026-2515

Cvelist•added 2026/05/13 8:26 a.m.•36 views

Exploits0References5

CVE-2026-2515 Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update

5.3CVSS0.00252EPSS

CVE•added 2026/05/13 8:26 a.m.•11 views

CVE-2026-2515

The Hostinger Reach plugin for WordPress (v

EUVD•added 2026/05/13 8:26 a.m.•6 views

EUVD-2026-29918

NVD•added 2026/05/13 6:16 a.m.•5 views

CVE-2025-14033

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getticketcontentcallback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any...

5.3CVSS0.00256EPSS

CVE•added 2026/05/13 5:29 a.m.•9 views

CVE-2025-14033

CVE-2025-14033 affects the WordPress plugin “ilGhera Support System for WooCommerce” (woocommerce integration) with versions up to and including 1.3.0. The vulnerability is a missing capability check in get_ticket_content_callback, allowing unauthenticated attackers to read any support ticket con...

5.3CVSS5.8AI score0.00256EPSS

ATTACKERKB•added 2026/05/13 5:29 a.m.•5 views

CVE-2025-14033

5.3CVSS5.8AI score0.00256EPSS

Exploits0References7

Cvelist•added 2026/05/13 5:29 a.m.•44 views

CVE-2025-14033 ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure

5.3CVSS0.00256EPSS

EUVD•added 2026/05/13 5:29 a.m.•17 views

EUVD-2025-209822

5.3CVSS5.8AI score0.00256EPSS