CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5230 matches found

Positive Technologies•added 2026/01/20 12:0 a.m.•5 views

PT-2026-3533

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCF Google Fonts Compatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...

5.3CVSS5.5AI score0.00232EPSS

Exploits0References4

Positive Technologies•added 2026/01/20 12:0 a.m.•7 views

PT-2026-3572

The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get items permissions check function in all versions up to, and including, 1.1.12...

8.8CVSS5.7AI score0.00271EPSS

Exploits0References3

Positive Technologies•added 2026/01/20 12:0 a.m.•4 views

PT-2026-3574

Name of the Vulnerable Software and Affected Versions Tutor LMS versions prior to 3.9.5 Description The Tutor LMS plugin for WordPress allows authenticated attackers with subscriber-level access or higher to delete arbitrary attachments on a site. This is due to a missing capability check within...

5.4CVSS5.5AI score0.00247EPSS

Exploits0References5

RedhatCVE•added 2026/01/18 5:26 a.m.•14 views

CVE-2025-12168

The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxdeletelog' AJAX endpoint in all versions up to, and including, 4.7.5. This makes it possible for authenticated attackers, with...

4.3CVSS5AI score0.00161EPSS

Exploits0References1

RedhatCVE•added 2026/01/18 5:26 a.m.•4 views

CVE-2025-12825

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...

5.3CVSS5.3AI score0.00535EPSS

Exploits0References1

RedhatCVE•added 2026/01/18 2:26 a.m.•6 views

CVE-2025-14450

The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'changewalletfundrequeststatuscallback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with...

6.5CVSS5.1AI score0.00214EPSS

Exploits0References1

RedhatCVE•added 2026/01/17 7:15 a.m.•5 views

CVE-2026-0942

The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs function in all versions up to, and including, 5.1.5. This makes it possible for unauthenticated...

5.3CVSS5.9AI score0.0029EPSS

Exploits0References1

RedhatCVE•added 2026/01/17 5:22 a.m.•10 views

CVE-2025-14384

The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /aioseo/v1/ai/credits REST route in all versions up to, and including, 4.9.2. This makes it possible for...

4.3CVSS5AI score0.00226EPSS

Exploits0References1

NVD•added 2026/01/17 5:16 a.m.•7 views

CVE-2025-14029

The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxadmineventapproval function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to approve arbitrary events via t...

5.3CVSS0.0024EPSS

Exploits0References5

ATTACKERKB•added 2026/01/17 4:34 a.m.•2 views

CVE-2025-12825

5.3CVSS5.4AI score0.00535EPSS

Exploits0References3

CVE•added 2026/01/17 4:34 a.m.•23 views

CVE-2025-12825

CVE-2025-12825 affects the WordPress plugin User Registration Using Contact Form 7. The issue is a missing capability check in get_cf7_form_data across all versions up to and including 2.5, enabling unauthorized data access (including Facebook app secrets) by unauthenticated users. Connected sour...

5.3CVSS5AI score0.00535EPSS

Exploits0References2

Cvelist•added 2026/01/17 4:34 a.m.•24 views

CVE-2025-12825 User Registration Using Contact Form 7 <= 2.5 - Authenticated (Subscriber+) Information Exposure

5.3CVSS0.00535EPSS

Exploits0References2

CVE•added 2026/01/17 4:34 a.m.•12 views

CVE-2025-12168

CVE-2025-12168: The Phrase TMS Integration for WordPress plugin (WordPress) contains a missing capability check on the wp_ajax_delete_log endpoint, allowing authenticated users with Subscriber+ access to delete log files. Affected: Phrase TMS Integration for WordPress

4.3CVSS4.7AI score0.00161EPSS

Exploits0References2

EUVD•added 2026/01/17 4:34 a.m.•4 views

EUVD-2026-3154

4.3CVSS4.6AI score0.00161EPSS

Exploits0References3

ATTACKERKB•added 2026/01/17 4:34 a.m.•2 views

CVE-2025-14029

5.3CVSS5.6AI score0.0024EPSS

Exploits0References6

EUVD•added 2026/01/17 4:34 a.m.•4 views

EUVD-2026-3151

5.3CVSS5AI score0.0024EPSS

Exploits0References6

NVD•added 2026/01/17 3:16 a.m.•5 views

CVE-2025-14450

6.5CVSS0.00214EPSS

Exploits0References4

EUVD•added 2026/01/17 2:22 a.m.•5 views

EUVD-2026-3163

6.5CVSS4.7AI score0.00214EPSS

Exploits0References5

ATTACKERKB•added 2026/01/17 2:22 a.m.•3 views

CVE-2025-14450

6.5CVSS5.4AI score0.00214EPSS

Exploits0References5

Positive Technologies•added 2026/01/17 12:0 a.m.•6 views

PT-2026-3339

The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'change wallet fund request status callback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers,...

6.5CVSS5.1AI score0.00214EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by