CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6235 matches found

CVE•added 2026/03/23 10:25 p.m.•14 views

CVE-2026-4066

The CVE concerns the Smart Custom Fields plugin for WordPress (affected: all versions up to and including 5.0.6). A missing capability check in relational_posts_search() allows authenticated users with Contributor-level access or higher to read private and draft posts from other authors via the s...

4.3CVSS5.8AI score0.00289EPSS

Exploits0References5

Vulnrichment•added 2026/03/23 10:25 p.m.•3 views

CVE-2026-4066 Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

4.3CVSS5.8AI score0.00289EPSS

Exploits0References5

Patchstack•added 2026/03/23 7:51 p.m.•5 views

WordPress WP Posts Re-order plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP Posts Re-order versions = 1.0...

4.3CVSS5.8AI score0.0014EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/03/23 7:11 p.m.•6 views

WordPress Weaver Show Posts plugin <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability discovered by Muqsith Barru - TCC in WordPress Plugin Weaver Show Posts versions = 1.8.1...

4.4CVSS5.8AI score0.00203EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/03/23 4:31 p.m.•7 views

WordPress Show Posts list plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Show Posts list versions = 1.1.0...

6.4CVSS5.8AI score0.00235EPSS

Exploits0References1Affected Software1

Circl•added 2026/03/23 4:13 p.m.•3 views

CVE-2026-21732

creationtimestamp| type| source ---|---|--- 2026-03-23 16:13:34+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqhcjhvsc2n 2026-03-23 16:14:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqhddhk452s...

9.6CVSS5.8AI score0.00288EPSS

Exploits0References2

Circl•added 2026/03/23 2:38 p.m.•2 views

CVE-2026-33351

creationtimestamp| type| source ---|---|--- 2026-03-23 14:38:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqbylbqeg2k 2026-03-23 15:03:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhqdfezibg2u 2026-03-29 19:40:09+00:00| seen|...

9.1CVSS5.7AI score0.00431EPSS

Exploits1References3

Circl•added 2026/03/23 2:8 p.m.•4 views

CVE-2026-3635

creationtimestamp| type| source ---|---|--- 2026-03-23 14:08:43+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mhqadbkbw22i 2026-03-23 14:10:58+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mhqahaep2k2i 2026-03-23 16:03:12+00:00| seen|...

6.1CVSS5.7AI score0.0012EPSS

Exploits0References3

Circl•added 2026/03/23 11:20 a.m.•2 views

CVE-2026-32968

creationtimestamp| type| source ---|---|--- 2026-03-23 11:20:00+00:00| seen| https://infosec.exchange/users/certvde/statuses/116278217950836584 2026-03-23 11:20:05+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3mhpwvnutx3d2 2026-03-23 11:20:27+00:00| seen|...

9.8CVSS5.8AI score0.00546EPSS

Exploits0References10

Circl•added 2026/03/23 11:20 a.m.•3 views

CVE-2026-32969

7.5CVSS5.8AI score0.00443EPSS

Exploits0References8

Circl•added 2026/03/23 6:18 a.m.•2 views

CVE-2026-4599

creationtimestamp| type| source ---|---|--- 2026-03-23 06:18:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhpg2nrlsg2s 2026-03-23 06:44:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhphjlw4wc2v 2026-03-23 10:30:27+00:00| seen|...

9.3CVSS5.8AI score0.00345EPSS

Exploits1References4

Circl•added 2026/03/23 4:17 a.m.•4 views

CVE-2026-4606

creationtimestamp| type| source ---|---|--- 2026-03-23 04:17:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhp7cm3x7o2d 2026-03-23 04:30:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116276607585520950 2026-03-23 04:30:30+00:00| seen|...

10CVSS5.8AI score0.00298EPSS

Exploits0References6

Circl•added 2026/03/23 12:0 a.m.•3 views

CVE-2026-2580

creationtimestamp| type| source ---|---|--- 2026-03-23 00:00:39+00:00| seen| https://infosec.exchange/users/offseq/statuses/116275546574992774 2026-03-23 00:00:41+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mhoqwucgs226 2026-03-23 00:45:01+00:00| seen|...

7.5CVSS5.8AI score0.00444EPSS

Exploits0References5

Positive Technologies•added 2026/03/23 12:0 a.m.•6 views

PT-2026-27252

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational posts search function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and...

4.3CVSS5.8AI score0.00289EPSS

Exploits0References7

CNNVD•added 2026/03/23 12:0 a.m.•5 views

WordPress plugin Smart Custom Fields 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00289EPSS

Exploits0References5

Circl•added 2026/03/22 11:8 p.m.•14 views

CVE-2026-33648

creationtimestamp| type| source ---|---|--- 2026-03-22 23:08:45+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-5m4q-5cvx-36mw 2026-03-23 19:23:24+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqrvxr6772u 2026-03-23 19:40:56+00:0...

8.8CVSS5.7AI score0.00612EPSS

Exploits1References7

Circl•added 2026/03/22 2:33 a.m.•4 views

CVE-2026-4457

creationtimestamp| type| source ---|---|--- 2026-03-22 02:33:57+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmizz6v2y2s 2026-03-22 02:34:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmj36tprk2c 2026-03-24 01:00:00+00:00| seen|...

8.8CVSS5.7AI score0.00306EPSS

Exploits0References3

Circl•added 2026/03/22 2:33 a.m.•2 views

CVE-2026-4456

creationtimestamp| type| source ---|---|--- 2026-03-22 02:33:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmizrvolb2n 2026-03-22 02:34:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmj2xueev2s 2026-03-24 01:00:00+00:00| seen|...

8.8CVSS5.7AI score0.00253EPSS

Exploits0References3

Circl•added 2026/03/21 11:18 p.m.•5 views

CVE-2026-3629

creationtimestamp| type| source ---|---|--- 2026-03-21 23:18:13+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhm63zbpdo2h 2026-03-21 23:54:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhma4nxwhe2z 2026-03-22 01:44:18+00:00| seen|...

8.1CVSS5.7AI score0.00418EPSS

Exploits1References6

Circl•added 2026/03/21 9:0 p.m.•3 views

CVE-2026-32056

creationtimestamp| type| source ---|---|--- 2026-03-21 21:00:38+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhlwfz3aoi2x 2026-03-21 22:00:46+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhlzrjirtz25 2026-03-21 22:16:23+00:00| seen|...

9.8CVSS5.8AI score0.00559EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by