CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

WPVulnDB•added 3 days ago•4 views

DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.4.28 - Missing Authorization

Description The DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.4.28. This makes it possible for authenticated attackers, with contributor-leve...

4.3CVSS5.8AI score0.00028EPSS

Exploits0References1

NVD•added 6 days ago•5 views

CVE-2025-12714

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the updatesiteeditorhomepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00057EPSS

Exploits0References6

ATTACKERKB•added 6 days ago•4 views

CVE-2025-12714

5.3CVSS5.8AI score0.00057EPSS

Exploits0References7

Cvelist•added 6 days ago•25 views

CVE-2025-12714 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification

5.3CVSS0.00057EPSS

Exploits0References6

EUVD•added 6 days ago•5 views

EUVD-2025-209984

5.3CVSS5.8AI score0.00057EPSS

Exploits0References6

Vulnrichment•added 2026/05/27 11:26 p.m.•4 views

CVE-2026-4888 Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...

4.3CVSS5.9AI score0.0001EPSS

ATTACKERKB•added 2026/05/27 11:26 p.m.•8 views

CVE-2026-4888

4.3CVSS5.9AI score0.0001EPSS

NVD•added 2026/05/27 8:16 a.m.•10 views

CVE-2026-3279

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgradejqueryversion function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

6.5CVSS0.00032EPSS

Exploits0References5

NVD•added 2026/05/27 7:16 a.m.•8 views

CVE-2026-9014

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetstats function in versions up to, and including, 1.3. The function is hooked to both the wpajaxwpp-resetstats and wpajaxnoprivwpp-resetstats actions and contains n...

5.3CVSS0.0007EPSS

Cvelist•added 2026/05/27 6:46 a.m.•45 views

CVE-2026-3279 Enable jQuery Migrate Helper <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade

6.5CVSS0.00032EPSS

Exploits0References5

Vulnrichment•added 2026/05/27 6:46 a.m.•4 views

CVE-2026-3279 Enable jQuery Migrate Helper <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade

6.5CVSS5.8AI score0.00032EPSS

Exploits0References5

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-43539

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset stats function in versions up to, and including, 1.3. The function is hooked to both the wp ajax wpp-reset stats and wp ajax nopriv wpp-reset stats actions and...

5.3CVSS5.8AI score0.0007EPSS

Exploits0References4

RedhatCVE•added 2026/05/26 8:14 p.m.•9 views

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

EUVD•added 2026/05/23 4:27 a.m.•8 views

Exploits0References1

EUVD-2026-31525

ATTACKERKB•added 2026/05/23 4:27 a.m.•8 views

CVE-2026-6897

EUVD•added 2026/05/23 4:27 a.m.•9 views

EUVD-2026-31523

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3Hooks::generateapikey' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

RedhatCVE•added 2026/05/22 8:12 p.m.•8 views

CVE-2026-4843

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.0001EPSS

Exploits0References1

EUVD•added 2026/05/21 7:29 p.m.•8 views

EUVD-2026-31333

4.3CVSS5.8AI score0.0001EPSS

CVE•added 2026/05/21 7:29 p.m.•8 views

CVE-2026-4843

The CVE-2026-4843 entry concerns the WordPress plugin “GSheet For Woo Importer.” All versions up to 2.3.1 are affected by a missing capability check in process_ajax_restore_action(), enabling authenticated users with Subscriber-level access or higher to delete the plugin’s Google Sheets API token...

4.3CVSS5.8AI score0.0001EPSS