CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8659 matches found

ATTACKERKB•added 2026/05/20 1:25 a.m.•10 views

CVE-2026-6391

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.0002EPSS

Exploits0References10

Cvelist•added 2026/05/20 1:25 a.m.•33 views

CVE-2026-6391 Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters

6.1CVSS0.0002EPSS

Exploits0References9

EUVD•added 2026/05/20 1:25 a.m.•11 views

EUVD-2026-31028

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.7AI score0.0002EPSS

Exploits0References9

EUVD•added 2026/05/20 1:25 a.m.•10 views

EUVD-2026-31031

6.1CVSS5.7AI score0.0002EPSS

Exploits0References9

Vulnrichment•added 2026/05/20 1:25 a.m.•5 views

CVE-2026-8420 BLOGCHAT Chat System <= 1.3.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

6.1CVSS5.7AI score0.0002EPSS

Exploits0References9

Vulnrichment•added 2026/05/20 1:25 a.m.•6 views

CVE-2026-6391 Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters

6.1CVSS5.7AI score0.0002EPSS

Exploits0References9

CVE•added 2026/05/20 1:25 a.m.•11 views

CVE-2026-8420

The BLOGCHAT Chat System WordPress plugin (versions up to and including 1.3.6.3) is affected by a Cross-Site Request Forgery vulnerability due to missing or incorrect nonce validation on a function. This enables unauthenticated attackers to update settings and inject malicious web scripts via a f...

6.1CVSS5.7AI score0.0002EPSS

Exploits0References9

CVE•added 2026/05/20 1:25 a.m.•11 views

CVE-2026-6391

The WordPress plugin Sentence To SEO (keywords, description and tags)

6.1CVSS5.7AI score0.0002EPSS

Exploits0References9

EUVD•added 2026/05/20 1:25 a.m.•8 views

EUVD-2026-31029

The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.7AI score0.0003EPSS

Exploits0References4

Vulnrichment•added 2026/05/20 1:25 a.m.•4 views

CVE-2026-8610 TypeSquare Webfonts for ConoHa <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via 'fontThemeUseType' Parameter

4.3CVSS5.7AI score0.0003EPSS

Exploits0References4

CVE•added 2026/05/20 1:25 a.m.•11 views

CVE-2026-8423

The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 2.0.5 due to missing/incorrect nonce validation on the options page. This allows unauthenticated attackers to change the site’s active theme by modifying the ...

4.3CVSS5.7AI score0.00007EPSS

Exploits0References7

ATTACKERKB•added 2026/05/20 1:25 a.m.•4 views

CVE-2026-6452

The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigfishgamessyndicatesubmenu function. This makes it possible for unauthenticated attackers to reset...

4.3CVSS5.7AI score0.00014EPSS

Exploits0References6

EUVD•added 2026/05/20 1:25 a.m.•7 views

EUVD-2026-31025

The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. This makes it possible for unauthenticated attackers to change the site's active...

4.3CVSS5.7AI score0.00007EPSS

Exploits0References7

CVE•added 2026/05/20 1:25 a.m.•15 views

CVE-2026-6452

The CVE-2026-6452 entry describes a Cross-Site Request Forgery in the WordPress plugin Bigfishgames Syndicate (versions

4.3CVSS5.7AI score0.00014EPSS

Exploits0References5

Cvelist•added 2026/05/20 1:25 a.m.•38 views

CVE-2026-6452 Bigfishgames Syndicate <= 1.2 - Cross-Site Request Forgery to Settings Reset and Update

4.3CVSS0.00014EPSS

Exploits0References5

Cvelist•added 2026/05/20 1:25 a.m.•36 views

CVE-2026-8423 JaviBola Custom Theme Test <= 2.0.5 - Cross-Site Request Forgery

4.3CVSS0.00007EPSS

Exploits0References7

EUVD•added 2026/05/20 1:25 a.m.•10 views

EUVD-2026-31021

4.3CVSS5.7AI score0.00014EPSS

Exploits0References5

Cvelist•added 2026/05/20 1:25 a.m.•36 views

CVE-2026-8418 Games Catalog <= 1.2.0 - Cross-Site Request Forgery to Arbitrary Game/Post Deletion

The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gccrud function which handles the delete action action=delete via a GET request without any wpverifynonce /...

4.3CVSS0.00016EPSS

Exploits0References7

ATTACKERKB•added 2026/05/20 1:25 a.m.•4 views

CVE-2026-8418

4.3CVSS5.9AI score0.00016EPSS

Exploits0References8

Vulnrichment•added 2026/05/20 1:25 a.m.•6 views

CVE-2026-8418 Games Catalog <= 1.2.0 - Cross-Site Request Forgery to Arbitrary Game/Post Deletion

4.3CVSS5.9AI score0.00016EPSS

Exploits0References7

Rows per page