CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

64 matches found

EUVD-2026-37861

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS5.5AI score

Exploits0References5

CVE•added 7 hours ago•10 views

CVE-2026-12137

The CVE concerns the WordPress plugin SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager. It is vulnerable to a Reflected Cross-Site Scripting (XSS) via the tab parameter in all versions up to and including 4.3.6, caused by insufficient input sanitization...

6.1CVSS5.5AI score

Exploits0References4

NVD•added 8 hours ago•4 views

CVE-2026-11360

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS

Exploits0References14

EUVD•added 9 hours ago•6 views

EUVD-2026-37844

4.9CVSS5.8AI score

Exploits0References14

RedhatCVE•added 2026/06/05 7:42 p.m.•5 views

CVE-2025-14767

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbmbestseller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5CVSS5.7AI score0.00207EPSS

Exploits0References1

EUVD•added 2026/05/13 7:44 a.m.•13 views

EUVD-2025-209823

5.5CVSS6AI score0.00207EPSS

Exploits0References4

ATTACKERKB•added 2026/05/13 7:44 a.m.•3 views

CVE-2025-14767

5.5CVSS6AI score0.00207EPSS

Exploits0References5

Positive Technologies•added 2026/05/13 12:0 a.m.•6 views

PT-2026-40581

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbm best seller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5CVSS6AI score0.00207EPSS

Exploits0References4

GithubExploit•added 2026/04/18 9:25 a.m.•99 views

Exploit for CVE-2026-1937

CVE-2026-1937 YayMail = 4.3.2 - Missing Authorization to A...

7.2CVSS6.1AI score0.00411EPSS

Exploits1

RedhatCVE•added 2026/02/20 7:22 a.m.•7 views

CVE-2025-12975

The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woofeedplugininstalling function in all versions up to, and including, 6.6.11. This makes it possible for authenticated...

7.2CVSS6.1AI score0.00821EPSS

Exploits0References1

RedhatCVE•added 2026/02/19 7:28 a.m.•3 views

CVE-2026-1938

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...

5.3CVSS5.5AI score0.00307EPSS

Exploits0References1

RedhatCVE•added 2026/02/19 7:28 a.m.•5 views

CVE-2026-1937

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the yaymailimportstate AJAX action in all versions up to, and including, 4.3.2. This makes it possible for...

9.8CVSS5.7AI score0.00411EPSS

Exploits1References1

NVD•added 2026/02/19 7:17 a.m.•8 views

CVE-2025-12975

7.2CVSS0.00821EPSS

Exploits0References3

Cvelist•added 2026/02/19 4:36 a.m.•27 views

CVE-2025-12975 CTX Feed – WooCommerce Product Feed Manager <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation

7.2CVSS0.00821EPSS

Exploits0References3

Vulnrichment•added 2026/02/19 4:36 a.m.•3 views

CVE-2025-12975 CTX Feed – WooCommerce Product Feed Manager <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation

7.2CVSS6.2AI score0.00821EPSS

Exploits0References3

NVD•added 2026/02/18 8:16 a.m.•6 views

CVE-2026-1831

The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymailinstallyaysmtp' AJAX action and /yaymail/v1/addons/activate REST endpoint in all versions up to, and including, 4.3.2...

2.7CVSS0.00293EPSS

Exploits0References5

ATTACKERKB•added 2026/02/18 7:25 a.m.•5 views

CVE-2026-1831

2.7CVSS5.5AI score0.00293EPSS

Exploits0References6

CVE•added 2026/02/18 7:25 a.m.•16 views

CVE-2026-1831

CVE-2026-1831 (YayMail) is a WordPress plugin vulnerability affecting YayMail – WooCommerce Email Customizer. Wordfence reports missing capability checks on the AJAX action yaymail_install_yaysmtp and the REST endpoint /yaymail/v1/addons/activate, enabling authenticated attackers with Shop Manage...

2.7CVSS5.5AI score0.00293EPSS

Exploits0References5

ATTACKERKB•added 2026/02/18 7:25 a.m.•4 views

CVE-2026-1938

5.3CVSS5.5AI score0.00307EPSS

Exploits0References5

ATTACKERKB•added 2026/02/18 6:42 a.m.•7 views

CVE-2026-2296

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...

7.2CVSS6.1AI score0.00597EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by