CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/27 5:31 a.m.•30 views

CVE-2026-8911 WP AutoBuzz <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'googleAccount' Parameter

The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

6.1CVSS0.00145EPSS

EUVD•added 2026/05/27 5:31 a.m.•17 views

EUVD-2026-32071

6.1CVSS5.7AI score0.00145EPSS

CVE•added 2026/05/27 5:31 a.m.•18 views

CVE-2026-8903

The CVE concerns the WordPress plugin “Two-factor authentication (formerly IP Vault)” up to version 2.1. It is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in ipv_save_changes. This allows unauthenticated attackers to modify the plugin’s firewall and two-f...

4.3CVSS5.7AI score0.00139EPSS

EUVD•added 2026/05/27 5:31 a.m.•12 views

EUVD-2026-32068

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostatsmanage function. This makes it possible for unauthenticated attackers to update the plugin's...

Vulnrichment•added 2026/05/27 5:31 a.m.•10 views

CVE-2026-8943 GoStats for WordPress <= 1.4 - Cross-Site Request Forgery via gostats_manage() Function

ATTACKERKB•added 2026/05/27 5:31 a.m.•7 views

CVE-2026-8943

Vulnrichment•added 2026/05/27 5:31 a.m.•11 views

CVE-2026-8941 CDN Linker lite <= 1.3.1 - Cross-Site Request Forgery to Plugin Settings Update

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdloffoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings ...

ATTACKERKB•added 2026/05/27 5:31 a.m.•8 views

CVE-2026-8941

Cvelist•added 2026/05/27 5:31 a.m.•30 views

CVE-2026-8943 GoStats for WordPress <= 1.4 - Cross-Site Request Forgery via gostats_manage() Function

4.3CVSS0.0014EPSS

EUVD•added 2026/05/27 5:31 a.m.•10 views

EUVD-2026-32067

CVE•added 2026/05/27 5:31 a.m.•17 views

CVE-2026-8943

GoStats for WordPress plugin for WordPress is vulnerable to Cross‑Site Request Forgery in all versions up to 1.4 due to missing or incorrect nonce validation in gostats_manage(). This allows unauthenticated attackers to modify settings (gostats_siteid, gostats_server) via forged requests if a sit...

Cvelist•added 2026/05/27 5:31 a.m.•31 views

CVE-2026-8941 CDN Linker lite <= 1.3.1 - Cross-Site Request Forgery to Plugin Settings Update

4.3CVSS0.0014EPSS

CVE•added 2026/05/27 5:31 a.m.•18 views

CVE-2026-8941

The CVE concerns the WordPress plugin CDN Linker lite (

EUVD•added 2026/05/27 5:31 a.m.•9 views

EUVD-2026-32060

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

ATTACKERKB•added 2026/05/27 5:31 a.m.•7 views

CVE-2026-8939

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

Vulnrichment•added 2026/05/27 5:31 a.m.•7 views

CVE-2026-8938 auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass

CVE•added 2026/05/27 5:31 a.m.•17 views

CVE-2026-8938

The CVE-2026-8938 entry concerns the WordPress plugin “auto making JSON-LD” (versions