CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/29 9:16 a.m.•2 views

CVE-2026-4019

5.3CVSS0.00276EPSS

EUVD•added 2026/04/29 8:27 a.m.•5 views

EUVD-2026-26200

ATTACKERKB•added 2026/04/29 8:27 a.m.•1 views

CVE-2026-4019

CVE•added 2026/04/29 8:27 a.m.•13 views

Exploits0References7

CVE-2026-4019

The CVE-2026-4019 vulnerability affects the WordPress plugin Complianz – GDPR/CCPA Cookie Consent (versions up to and including 7.4.5). The REST endpoint /wp-json/complianz/v1/consent-area/{post_id}/{block_id} uses a permissive permission_callback (__return_true), enabling unauthenticated request...

Vulnrichment•added 2026/04/29 8:27 a.m.•1 views

CVE-2026-4019 Complianz – GDPR/CCPA Cookie Consent <= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure via Consent Area REST Endpoint

RedhatCVE•added 2026/01/01 6:25 a.m.•13 views

CVE-2025-14434

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

5.3CVSS6.9AI score0.00245EPSS

NVD•added 2025/12/31 6:15 a.m.•3 views

CVE-2025-14434

5.3CVSS0.00245EPSS

CVE•added 2025/12/31 6:0 a.m.•14 views

CVE-2025-14434

CVE-2025-14434 affects the WordPress plugin “Ultimate Post Kit Addons for Elementor” (versions prior to 4.0.16). The issue arises from multiple AJAX endpoints (e.g., loadmore posts) that do not verify whether targeted posts are published, enabling an unauthenticated attacker to query arbitrary po...

5.3CVSS6.5AI score0.00245EPSS

Positive Technologies•added 2025/12/31 12:0 a.m.•3 views

PT-2025-54283

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upk alex grid loadmore posts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

6.9AI score0.00245EPSS

Exploits0References2

CNNVD•added 2025/12/31 12:0 a.m.•2 views

WordPress plugin Ultimate Post Kit Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...

5.3CVSS6.3AI score0.00245EPSS

RedhatCVE•added 2025/05/23 1:1 a.m.•4 views

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5.3CVSS6.7AI score0.01464EPSS

Exploits2References1

Positive Technologies•added 2024/12/13 12:0 a.m.•4 views

PT-2024-17538 · Feedbackwp · Rate My Post – Star Rating Plugin

Name of the Vulnerable Software and Affected Versions: Rate My Post – Star Rating Plugin by FeedbackWP versions up to, and including, 4.2.4 Description: The issue allows unauthenticated attackers to vote on unpublished scheduled posts due to missing validation on a user-controlled key in the get...

5.3CVSS7.3AI score0.00303EPSS