323 matches found

EUVD
added 2026/03/18 6:31 p.m. | 6 views

EUVD-2026-12841

The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eventtype’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...

CVSS 7.2 | AI score 6 | EPSS 0.00229
Exploits: 0 | References: 4

Cvelist
added 2026/03/18 3:28 p.m. | 21 views

CVE-2026-3090 Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type'

The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eventtype’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...

CVSS 7.2 | EPSS 0.00229
Exploits: 0 | References: 3

Cvelist
added 2026/03/05 5:53 a.m. | 28 views

CVE-2026-27396 WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Directory Pro: from n/a through <= 2.5.6...

CVSS 7.3 | EPSS 0.00219
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/05 5:53 a.m. | 3 views

CVE-2026-27361 WordPress Responsive Posts Carousel Pro plugin <= 15.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.1...

CVSS 7.5 | AI score 5.8 | EPSS 0.00312
Exploits: 0 | References: 1

Patchstack
added 2026/02/26 11:47 a.m. | 4 views

WordPress Ultimate Learning Pro plugin <= 3.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Ultimate Learning Pro versions <= 3.9.1...

CVSS 7.1 | AI score 5.9 | EPSS 0.00146
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/02/20 8:12 a.m. | 4 views

WordPress Ads Pro plugin <= 5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions <= 5.0...

CVSS 5.4 | AI score 5.4 | EPSS 0.00209
Exploits: 0 | Affected Software: 1

CVE
added 2026/02/19 8:27 a.m. | 9 views

CVE-2026-25388

CVE-2026-25388 denotes a Missing Authorization vulnerability in the WordPress Ads Pro plugin (ap-plugin-scripteo), affecting Ads Pro: from n/a through <= 5.0. Connected sources confirm a broken access control/unauthorized access risk but do not reveal concrete exploit vectors, affected version...

CVSS 5.4 | AI score 5.4 | EPSS 0.00209
Exploits: 0 | References: 1

Cvelist
added 2026/02/19 8:27 a.m. | 30 views

CVE-2026-25388 WordPress Ads Pro plugin <= 5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ads Pro: from n/a through <= 5.0...

CVSS 5.4 | EPSS 0.00209
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/15 1:19 a.m. | 11 views

CVE-2026-1844

The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pyslandingpage' parameter in all versions up to, and including, 12.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 7.2 | AI score 5.7 | EPSS 0.00283
Exploits: 1 | References: 1

ATTACKERKB
added 2026/01/17 2:22 a.m. | 4 views

CVE-2025-12002

The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...

CVSS 5.9 | AI score 5.6 | EPSS 0.00384
Exploits: 0 | References: 8

RedhatCVE
added 2026/01/07 9:13 a.m. | 5 views

CVE-2024-2237

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVSS 6.4 | AI score 5.8 | EPSS 0.00423
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:13 a.m. | 6 views

CVE-2024-2000

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigationdots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.8 | EPSS 0.00423
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/05 4:50 p.m. | 3 views

CVE-2025-39561 WordPress LoginWP - Pro Plugin <= 4.0.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LoginWP - Pro: from n/a through 4.0.8.5...

CVSS 6.5 | AI score 5.2 | EPSS 0.00196
Exploits: 0 | References: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress Ads Pro plugin <= 4.89 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions <= 4.89...

CVSS 7.5 | AI score 5.9 | EPSS 0.00327
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/12/18 7:22 a.m. | 3 views

CVE-2025-64213 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data. This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

CVSS 7.5 | AI score 6.5 | EPSS 0.00303
Exploits: 0 | References: 1

CVE
added 2025/12/16 8:12 a.m. | 5 views

CVE-2025-64243

CVE-2025-64243 concerns the WordPress plugin Directory Pro (versions

CVSS 4.3 | AI score 6.6 | EPSS 0.00185
Exploits: 0 | References: 1

EUVD
added 2025/12/16 5:25 a.m. | 5 views

EUVD-2025-203498

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...

CVSS 5.3 | AI score 4.7 | EPSS 0.00205
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/16 12:0 a.m. | 4 views

PT-2025-51371

Name of the Vulnerable Software and Affected Versions: Dokan Pro versions through 4.1.3. Description: The Dokan Pro plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check on the /dokan/v1/wholesale/register API endpoint. An unauthenticated...

CVSS 5.3 | AI score 6.2 | EPSS 0.00205
Exploits: 0 | References: 4

CVE
added 2025/12/09 2:14 p.m. | 7 views

CVE-2025-67562

CVE-2025-67562 involves a Missing Authorization vulnerability in Image Caption Hover Pro (image-caption-hover-pro), where Access Control is incorrectly configured, potentially allowing access to restricted resources. Affected: Image Caption Hover Pro versions

CVSS 5.4 | AI score 6.6 | EPSS 0.00227
Exploits: 0 | References: 1

CVE
added 2025/11/25 4:38 a.m. | 18 views

CVE-2025-13559

Affected software: WordPress EduKart Pro plugin (versions up to 1.0.3). Root cause: The function edukart_pro_register_user_front_end does not restrict permissible registration roles, enabling an unauthenticated user to register as an administrator. Impact: Privilege escalation to full administrat...

CVSS 9.8 | AI score 5.7 | EPSS 0.00294
Exploits: 0 | References: 2