1736 matches found

Nuclei
added yesterday | 9 views

Export WP Page to Static HTML <= 4.3.4 - Cookie Exposure

Export WP Page to Static HTML & PDF WordPress plugin <= 4.3.4 contains a sensitive information exposure caused by publicly exposed cookies.txt files with authentication cookies, letting unauthenticated attackers access sensitive authentication data, exploit requires site administrator to trigger...

9.8 CVSS | 5.6 AI score | 0.01954 EPSS
Exploits 0 | References 2

Nuclei
added yesterday | 8 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1 CVSS | 7.2 AI score | 0.00561 EPSS
Exploits 1 | References 2

Nuclei
added yesterday | 15 views

WordPress Themify Builder < 7.5.8 - Open Redirect

The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...

6.1 CVSS | 5.8 AI score | 0.00823 EPSS
Exploits 2 | References 2

Cvelist
added 2 days ago | 32 views

CVE-2026-57656 WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions...

5.9 CVSS | 0.0014 EPSS
Exploits 0 | References 1

CVE
added 2 days ago | 10 views

CVE-2026-57653

CVE-2026-57653 describes a SQL Injection vulnerability in the WordPress plugin WP Job Portal (versions

8.5 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits 0 | References 1

Cvelist
added 2 days ago | 30 views

CVE-2026-57652 WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions...

5.3 CVSS | 0.00187 EPSS
Exploits 0 | References 1

CVE
added 2 days ago | 4 views

CVE-2026-57313

CVE-2026-57313 concerns a Subscriber XSS vulnerability in the WordPress plugin SureCart up to version 4.2.2. The public records describe an XSS issue affecting subscribers, but do not provide concrete exploit scenarios, affected subcomponents, or a detailed root cause beyond the general class of...

6.5 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits 0 | References 1

CVE
added 2 days ago | 10 views

CVE-2026-56067

CVE-2026-56067 affects WordPress JetSmartFilters plugin versions up to and including 3.8.3. The vulnerability is an unauthenticated SQL Injection in JetSmartFilters (plugin/WP integration). The root cause, as stated in the sources, is a SQL injection flaw that can be exploited without authenticat...

9.3 CVSS | 5.8 AI score | 0.00236 EPSS
Exploits 0 | References 1

CVE
added 2 days ago | 8 views

CVE-2026-56039

The provided connected sources confirm a vulnerability in the WordPress Quick Interest Slider plugin, version

7.1 CVSS | 5.8 AI score | 0.0018 EPSS
Exploits 0 | References 1

CVE
added 2 days ago | 8 views

CVE-2026-24547

The vulnerability CVE-2026-24547 affects the WordPress SiteGround Email Marketing plugin (versions up to and including 1.7.5). It is described as Unauthenticated Broken Access Control, indicating that an attacker could access restricted functionality or data without authentication. The CVSS v3.1 ...

5.3 CVSS | 5.8 AI score | 0.00214 EPSS
Exploits 0 | References 1

CVE
added 4 days ago | 9 views

CVE-2026-57298

CVE-2026-57298: A CSRF in the Jenkins Contrast Continuous Application Security Plugin (version 3.11 and earlier) allows an attacker to cause Jenkins to access an attacker-specified URL using attacker-specified username, API key, and service key. Affected: Jenkins Contrast Continuous Application S...

5.4 CVSS | 5.8 AI score | 0.00101 EPSS
Exploits 0 | References 1

Patchstack
added 5 days ago | 6 views

WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Uncanny Automator versions <= 7.3.1.2...

8.1 CVSS | 5.9 AI score | 0.00317 EPSS
Exploits 0 | Affected Software 1

Patchstack
added 6 days ago | 8 views

WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability

WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin Branda versions <= 3.4.29...

9.8 CVSS | 5.8 AI score | 0.00625 EPSS
Exploits 1 | References 1 | Affected Software 1

Patchstack
added 2026/06/17 4:48 p.m. | 17 views

WordPress Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability discovered by Meher Sudhakar Abbireddi in WordPress Plugin Orbit Fox by ThemeIsle versions <= 3.0.6...

4.4 CVSS | 5.2 AI score | 0.00203 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2026/06/17 9:51 a.m. | 17 views

CVE-2026-54196

Technical details are not publicly provided in the supplied documents. Monitor for updates on affected versions, impact, and fixes.

6.8 CVSS | 5.2 AI score | 0.00211 EPSS
Exploits 0 | References 1

CVE
added 2026/06/15 8:19 p.m. | 16 views

CVE-2026-52692

Affected software: WordPress Affiliates Manager plugin (WordPress)

7.5 CVSS | 5.2 AI score | 0.00238 EPSS
Exploits 0 | References 1

Cvelist
added 2026/06/15 8:19 p.m. | 26 views

CVE-2026-49763 WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions...

9.8 CVSS | 0.00383 EPSS
Exploits 0 | References 1

CVE
added 2026/06/15 8:19 p.m. | 15 views

CVE-2026-49070

CVE-2026-49070 affects the WordPress Knit Pay plugin (versions

7.5 CVSS | 5.1 AI score | 0.00238 EPSS
Exploits 0 | References 1

Cvelist
added 2026/06/15 8:19 p.m. | 25 views

CVE-2026-49068 WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions...

7.5 CVSS | 0.00386 EPSS
Exploits 0 | References 1

Cvelist
added 2026/06/15 8:19 p.m. | 26 views

CVE-2026-48889 WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Amelia <= 2.3 versions...

8.8 CVSS | 0.00378 EPSS
Exploits 0 | References 1