CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/02/04 8:25 a.m.•3 views

CVE-2025-15507 Magic Import Document Extractor <= 1.0.5 - Missing Authorization to Unauthenticated Plugin License Status Modification

The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsyncusage function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to modify the plugin's...

5.3CVSS5.8AI score0.00307EPSS

Positive Technologies•added 2026/02/04 12:0 a.m.•4 views

PT-2026-6011

Name of the Vulnerable Software and Affected Versions WebPurify Profanity Filter versions up to and including 4.0.2 Description The WebPurify Profanity Filter plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check on the webpurify...

6.5CVSS5.4AI score0.00309EPSS

RedhatCVE•added 2026/02/01 9:18 a.m.•7 views

CVE-2026-1431

The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...

5.3CVSS5.9AI score0.00264EPSS

Exploits0References1

RedhatCVE•added 2026/02/01 3:14 a.m.•8 views

CVE-2025-15510

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

NVD•added 2026/01/31 5:16 a.m.•10 views

Exploits0References1

CVE-2026-1431

5.3CVSS0.00264EPSS

EUVD•added 2026/01/31 4:35 a.m.•5 views

EUVD-2026-5082

5.3CVSS5.9AI score0.00264EPSS

NVD•added 2026/01/31 2:16 a.m.•3 views

CVE-2025-15510

5.3CVSS0.00285EPSS

Cvelist•added 2026/01/31 1:23 a.m.•28 views

CVE-2025-15510 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure

5.3CVSS0.00285EPSS

ATTACKERKB•added 2026/01/31 1:23 a.m.•4 views

CVE-2025-15510

EUVD•added 2026/01/31 1:23 a.m.•5 views

EUVD-2025-206597

Positive Technologies•added 2026/01/31 12:0 a.m.•5 views

PT-2026-5500

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5 Export Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form...

RedhatCVE•added 2026/01/29 3:18 p.m.•10 views

CVE-2025-15511

The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handlewebhook function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce order statuses by sending...

5.3CVSS5.9AI score0.00205EPSS

Exploits0References1

ATTACKERKB•added 2026/01/28 11:23 a.m.•3 views

CVE-2026-1280

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...

7.5CVSS5.8AI score0.00292EPSS

EUVD•added 2026/01/28 11:23 a.m.•9 views

EUVD-2026-4892

7.5CVSS5.8AI score0.00292EPSS

CVE•added 2026/01/28 6:43 a.m.•11 views

CVE-2026-0832

CVE-2026-0832 concerns the WordPress plugin New User Approve. The vulnerability arises from a missing capability check on multiple REST API endpoints, affecting all versions up to and including 3.2.2. This allows unauthenticated attackers to approve or deny user accounts, access sensitive user da...

7.3CVSS5.9AI score0.00323EPSS

Exploits0References7

Positive Technologies•added 2026/01/28 12:0 a.m.•6 views

PT-2026-5090

The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle webhook function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce order statuses by sendin...

5.3CVSS5.9AI score0.00205EPSS

Positive Technologies•added 2026/01/28 12:0 a.m.•4 views

PT-2026-5093

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm send file in email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded fil...

7.5CVSS5.8AI score0.00292EPSS

Vulnrichment•added 2026/01/27 6:44 a.m.•4 views

CVE-2025-14971 Link Invoice Payment for WooCommerce <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation

The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...

5.3CVSS5.9AI score0.00297EPSS

ATTACKERKB•added 2026/01/27 6:44 a.m.•4 views

CVE-2025-14971

5.3CVSS5.9AI score0.00297EPSS