CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

316 matches found

Ads Pro Plugin <= 4.88 - Unauthenticated SQL Injection

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'aid' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

7.5CVSS7.3AI score0.2154EPSS

Exploits0References3

Nuclei•added 6 hours ago•23 views

Ads Pro Plugin <= 4.89 - Local File Inclusion

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsatemplate' parameter of the bsapreviewcallback function. This makes it possible for unauthenticated attackers to includ...

9.8CVSS6.4AI score0.16513EPSS

Exploits1References2

GithubExploit•added 2 days ago•51 views

Exploit for CVE-2026-8732

WP Maps Pro Unauthenticated Stored Cross-Site Scripting CVE-2...

9.8CVSS5.9AI score0.00074EPSS

Exploits5

GithubExploit•added 5 days ago•85 views

Exploit for CVE-2026-8732

CVE-2026-8732 - WP Maps Pro &checktemp=false' 3. Login via...

9.8CVSS5.8AI score0.00074EPSS

Exploits5

EUVD•added 6 days ago•4 views

EUVD-2026-33327

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...

9.1CVSS5.9AI score0.00038EPSS

Exploits0References2

Patchstack•added 6 days ago•12 views

WordPress WP Maps Pro plugin <= 6.0.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by David Brown in WordPress Plugin Advanced Google Maps versions = 6.0.4...

9.8CVSS5.8AI score0.00074EPSS

Exploits5References1Affected Software1

ATTACKERKB•added 2026/05/14 8:24 a.m.•5 views

CVE-2026-6514

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

7.5CVSS5.9AI score0.00084EPSS

Exploits0References3

VulnCheck KEV•added 2026/05/04 12:0 a.m.•5 views

VulnCheck KEV: CVE-2025-5339

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘bsaproid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

7.5CVSS5.9AI score0.00326EPSS

In wildExploits0References2

Patchstack•added 2026/04/08 12:7 p.m.•1 views

WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion Pro versions 2.1.29...

6AI score

Exploits0Affected Software1

Vulnrichment•added 2026/04/08 8:30 a.m.•0 views

CVE-2026-39704 WordPress Precious Metals Automated Product Pricing – Pro plugin <= 4.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Precious Metals Automated Product Pricing – Pro: from n/...

5.3CVSS5.1AI score0.0004EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 2:58 p.m.•2 views

CVE-2026-4038

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

9.8CVSS5.9AI score0.00109EPSS

Exploits0References1

Positive Technologies•added 2026/03/26 12:0 a.m.•1 views

PT-2026-28198

Name of the Vulnerable Software and Affected Versions Amelia Booking plugin for WordPress versions up to 9.1.2 Description The Amelia Booking plugin for WordPress is susceptible to Insecure Direct Object References. The plugin allows user-controlled access to objects, potentially enabling a user ...

8.8CVSS5.8AI score0.00061EPSS

Exploits0References10

Cvelist•added 2026/03/25 4:14 p.m.•24 views

CVE-2026-25406 WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through = 3.9.4...

8.1CVSS0.001EPSS

Exploits0References1

EUVD•added 2026/03/18 6:31 p.m.•3 views

EUVD-2026-12841

The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eventtype’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...

7.2CVSS6AI score0.00122EPSS

Exploits0References4

Cvelist•added 2026/03/18 3:28 p.m.•19 views

CVE-2026-3090 Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type'

7.2CVSS0.00122EPSS

Exploits0References3

Cvelist•added 2026/03/05 5:53 a.m.•26 views

CVE-2026-27396 WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through = 2.5.6...

7.3CVSS0.00054EPSS

Exploits0References1

Vulnrichment•added 2026/03/05 5:53 a.m.•0 views

CVE-2026-27361 WordPress Responsive Posts Carousel Pro plugin <= 15.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Posts Carousel Pro: from n/a through = 15.1...

7.5CVSS5.8AI score0.00047EPSS

Exploits0References1

Patchstack•added 2026/02/26 11:47 a.m.•3 views

WordPress Ultimate Learning Pro plugin <= 3.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Ultimate Learning Pro versions = 3.9.1...

7.1CVSS5.9AI score0.00045EPSS

Exploits0Affected Software1

Patchstack•added 2026/02/20 8:12 a.m.•2 views

WordPress Ads Pro plugin <= 5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions = 5.0...

5.4CVSS5.4AI score0.00053EPSS

Exploits0Affected Software1

CVE•added 2026/02/19 8:27 a.m.•5 views

CVE-2026-25388

CVE-2026-25388 denotes a Missing Authorization vulnerability in the WordPress Ads Pro plugin (ap-plugin-scripteo), affecting Ads Pro: from n/a through <= 5.0. Connected sources confirm a broken access control/unauthorized access risk but do not reveal concrete exploit vectors, affected version...

5.4CVSS5.4AI score0.00053EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by