CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/12 9:16 a.m.•11 views

CVE-2026-2993

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl function. This makes...

7.5CVSS0.00171EPSS

Exploits0References19

OSV•added 2026/05/12 8:52 a.m.•2 views

BIT-PGBOUNCER-2026-6665 PgBouncer buffer overflow in SCRAM

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

9.8CVSS6AI score0.00022EPSS

Exploits0References2

Vulnrichment•added 2026/05/12 7:48 a.m.•3 views

CVE-2026-6710 Skysa Text Ticker App <= 1.4 - Cross-Site Request Forgery to Settings Modification via 'Save Settings' Form

The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the SkysaAppsAdminAppPage function. This makes it possible for unauthenticated attackers to trick a site...

CVE•added 2026/05/12 7:48 a.m.•14 views

CVE-2026-6710

The Skysa Text Ticker App WordPress plugin (versions

ATTACKERKB•added 2026/05/12 7:48 a.m.•5 views

CVE-2026-6710

ATTACKERKB•added 2026/05/12 7:48 a.m.•3 views

Exploits0References6

CVE-2026-5693

5.3CVSS5.9AI score0.0005EPSS

Cvelist•added 2026/05/12 7:48 a.m.•33 views

CVE-2026-5693 Smart Appointment & Booking <= 1.0.8 - Missing Authorization to Unauthenticated Arbitrary Booking Cancellation

5.3CVSS0.0005EPSS

CVE•added 2026/05/12 7:48 a.m.•13 views

CVE-2026-5693

CVE-2026-5693: The WordPress plugin Smart Appointment & Booking (versions ≤ 1.0.8) is vulnerable to unauthorized data modification due to a missing capability check and a faulty nonce validation in saab_cancel_booking(). The nonce check uses AND (&&) instead of OR (||), allowing unauthenticated a...

5.3CVSS5.9AI score0.0005EPSS

Vulnrichment•added 2026/05/12 7:48 a.m.•4 views

CVE-2026-5693 Smart Appointment & Booking <= 1.0.8 - Missing Authorization to Unauthenticated Arbitrary Booking Cancellation

5.3CVSS5.9AI score0.0005EPSS

CVE•added 2026/05/12 7:48 a.m.•14 views

CVE-2026-6932

CVE-2026-6932 affects the WordPress plugin WooCommerce Minimum Weight (versions

4.3CVSS5.7AI score0.00028EPSS

ATTACKERKB•added 2026/05/12 7:48 a.m.•7 views

CVE-2026-6932

The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify t...

4.3CVSS5.7AI score0.00028EPSS

Exploits0References6

Cvelist•added 2026/05/12 7:48 a.m.•32 views

CVE-2026-6709 Coinbase Commerce for Contact Form 7 <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification via 'cccf7_api_key' Parameter

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

4.3CVSS0.00041EPSS

Exploits0References7

Vulnrichment•added 2026/05/12 7:48 a.m.•6 views

CVE-2026-6709 Coinbase Commerce for Contact Form 7 <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification via 'cccf7_api_key' Parameter

4.3CVSS5.8AI score0.00041EPSS

Exploits0References7

Vulnrichment•added 2026/05/12 7:48 a.m.•5 views

CVE-2026-7616 Zawgyi Embed <= 2.1.1 - Cross-Site Request Forgery via 'zawgyi_forceCSS' Parameter

The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyiadminpage function. This makes it possible for unauthenticated attackers to update the plugin's...

ATTACKERKB•added 2026/05/12 7:48 a.m.•5 views

CVE-2026-7561

The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

6.1CVSS5.7AI score0.00017EPSS

Exploits0References8

CVE•added 2026/05/12 7:48 a.m.•9 views

CVE-2026-7616

The CVE-2026-7616 entry concerns the WordPress Zawgyi Embed plugin (versions up to 2.1.1). The root cause is missing or incorrect nonce validation in the zawgyi_adminpage function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to modify the plugin’s zawgyi_forceCSS se...

Cvelist•added 2026/05/12 7:48 a.m.•36 views

CVE-2026-7561 Tm – WordPress Redirection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1CVSS0.00017EPSS

Exploits0References7

Cvelist•added 2026/05/12 7:48 a.m.•39 views

CVE-2026-7616 Zawgyi Embed <= 2.1.1 - Cross-Site Request Forgery via 'zawgyi_forceCSS' Parameter

4.3CVSS0.00015EPSS