CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4373 matches found

RedhatCVE•added 2026/02/15 7:10 a.m.•5 views

CVE-2026-1987

The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...

5.4CVSS5.5AI score0.00064EPSS

Exploits0References1

NVD•added 2026/02/14 12:15 p.m.•2 views

CVE-2026-2312

The Media Library Folders plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 8.3.6 via the deletemaxgalleriamedia and maxgalleriarenameimage functions due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS0.00013EPSS

Exploits0References2

Vulnrichment•added 2026/02/14 11:24 a.m.•1 views

CVE-2026-2312 Media Library Folders <= 8.3.6 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename

4.3CVSS5.5AI score0.00013EPSS

Exploits0References2

Cvelist•added 2026/02/14 11:24 a.m.•20 views

CVE-2026-2312 Media Library Folders <= 8.3.6 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename

4.3CVSS0.00013EPSS

Exploits0References2

CVE•added 2026/02/14 11:24 a.m.•4 views

CVE-2026-2312

WordPress Plugin Media Library Folders

4.3CVSS5.5AI score0.00013EPSS

Exploits0References2

NVD•added 2026/02/14 7:16 a.m.•3 views

CVE-2026-1987

5.4CVSS0.00064EPSS

Exploits0References6

Vulnrichment•added 2026/02/14 6:42 a.m.•3 views

CVE-2026-1987 Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification

5.4CVSS5.6AI score0.00064EPSS

Exploits0References6

CVE•added 2026/02/14 6:42 a.m.•15 views

CVE-2026-1987

The PatchStack entry identifies a vulnerability in WordPress Scheduler Widget plugin (versions

5.4CVSS5.5AI score0.00064EPSS

Exploits0References6

ATTACKERKB•added 2026/02/14 6:42 a.m.•3 views

CVE-2026-1987

5.4CVSS5.5AI score0.00064EPSS

Exploits0References7

Cvelist•added 2026/02/14 6:42 a.m.•28 views

CVE-2026-1987 Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification

5.4CVSS0.00064EPSS

Exploits0References6

NVD•added 2026/02/14 4:15 a.m.•3 views

CVE-2025-14608

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulksave' AJAX action. This makes it possible for...

5.3CVSS0.00045EPSS

Exploits0References5

Vulnrichment•added 2026/02/14 3:25 a.m.•1 views

CVE-2025-14608 WP Last Modified Info <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata Modification

5.3CVSS5.7AI score0.00045EPSS

Exploits0References5

CVE•added 2026/02/14 3:25 a.m.•12 views

CVE-2025-14608

CVE-2025-14608 — WP Last Modified Info (WordPress plugin) affects WP Last Modified Info versions

5.3CVSS5.7AI score0.00045EPSS

Exploits0References5

Cvelist•added 2026/02/14 3:25 a.m.•21 views

CVE-2025-14608 WP Last Modified Info <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata Modification

5.3CVSS0.00045EPSS

Exploits0References5

Positive Technologies•added 2026/02/14 12:0 a.m.•5 views

PT-2026-8047

5.3CVSS5.7AI score0.00045EPSS

Exploits0References6

CNNVD•added 2026/02/14 12:0 a.m.•4 views

WordPress plugin Scheduler Widget 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.4CVSS5.8AI score0.00064EPSS

Exploits0References6

Patchstack•added 2026/02/13 11:55 p.m.•4 views

WordPress Media Library Folders plugin <= 8.3.6 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename vulnerability

Insecure Direct Object Reference to Authenticated Author+ Arbitrary Attachment Deletion and Rename vulnerability discovered by shivanandsnaidu - naidu computers in WordPress Plugin Media Library Folders versions = 8.3.6...

4.3CVSS5.5AI score0.00013EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/02/13 10:56 p.m.•3 views

WordPress Scheduler Widget plugin <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Event Modification vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Scheduler Widget versions = 0.1.6...

5.4CVSS5.5AI score0.00064EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/02/13 9:58 p.m.•7 views

WordPress WP Last Modified Info plugin <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata Modification vulnerability

Insecure Direct Object Reference to Authenticated Author+ Post Metadata Modification vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin WP Last Modified Info versions = 1.9.5...

5.3CVSS5.4AI score0.00045EPSS

Exploits0References1Affected Software1

CVE•added 2026/02/11 7:54 a.m.•5 views

CVE-2025-10912

CVE-2025-10912 describes an authorization bypass in TemizlikYolda (Saastech Cleaning and Internet Services Inc.) where an attacker can manipulate user-controlled variables to bypass access controls. The CVSS v3.1 base metrics indicate: AV:N, AC:L, PR:L, UI:N, S:U, C:N, I:L, A:L, with a base score...

5.4CVSS5.4AI score0.00053EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by