
22 matches found

CVE
added 2026/05/12 7:48 a.m. · 11 views

CVE-2026-7050

The Forms Rb WordPress plugin (versions ≤ 1.1.9) is vulnerable to an authorization bypass due to insufficient access checks, allowing authenticated users with contributor-level access and above to read form submissions, modify form configurations, and delete records for forms they do not own. Roo...

4.3 CVSS · 5.8 AI score · 0.00041 EPSS
Exploits 0 · References 13
Cvelist
added 2026/03/25 4:14 p.m. · 20 views

CVE-2026-22502 WordPress Mr. Cobbler theme <= 1.1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mr. Cobbler mr-cobbler allows PHP Local File Inclusion. This issue affects Mr. Cobbler: from n/a through <= 1.1.9...

8.1 CVSS · 0.00172 EPSS
Exploits 0 · References 1
NVD
added 2026/03/05 6:16 a.m. · 1 views

CVE-2026-28084

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Bazinga bazinga allows PHP Local File Inclusion. This issue affects Bazinga: from n/a through <= 1.1.9...

8.1 CVSS · 0.00172 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2026/02/20 3:46 p.m. · 2 views

CVE-2025-69403

Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons bravis-addons allows Using Malicious Files. This issue affects Bravis Addons: from n/a through <= 1.1.9...

5.4 AI score · 0.00063 EPSS
Exploits 0 · References 2
CNNVD
added 2026/02/20 12:0 a.m. · 6 views

WordPress plugin Bravis Addons code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

9.9 CVSS · 5.8 AI score · 0.00063 EPSS
Exploits 0 · References 1
Cvelist
added 2026/01/23 2:28 p.m. · 27 views

CVE-2026-24579 WordPress Ai Image Alt Text Generator for WP plugin <= 1.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.9...

4.3 CVSS · 0.00048 EPSS
Exploits 0 · References 1
Vulnrichment
added 2026/01/23 2:28 p.m. · 2 views

CVE-2026-24579 WordPress Ai Image Alt Text Generator for WP plugin <= 1.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.9...

4.3 CVSS · 5.9 AI score · 0.00048 EPSS
Exploits 0 · References 1
CVE
added 2025/12/09 2:52 p.m. · 2 views

CVE-2025-62100

The CVE-2025-62100 entry describes a Missing Authorization vulnerability in the WordPress ThemeRain Core plugin (themerain-core) affecting versions up to 1.1.9, caused by an incorrectly configured access control security level. The issue is exploitable without authentication over the network, with lo...

5.3 CVSS · 6.6 AI score · 0.00058 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/12/09 12:0 a.m. · 1 views

PT-2025-49995

Missing Authorization vulnerability in themerain ThemeRain Core themerain-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeRain Core: from n/a through <= 1.1.9...

7 AI score · 0.00058 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/11/06 3:54 p.m. · 1 views

CVE-2025-53252 WordPress Zegen Theme <= 1.1.9 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Zegen zegen allows PHP Local File Inclusion. This issue affects Zegen: from n/a through <= 1.1.9...

7.5 CVSS · 6.7 AI score · 0.00123 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/22 3:31 p.m. · 1 views

EUVD-2025-35554

Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through <= 1.1.9...

7.5 CVSS · 6.5 AI score · 0.0005 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/09/12 7:11 a.m. · 1 views

CVE-2025-9857

The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HeateorFacebookLogin' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

6.4 CVSS · 5 AI score · 0.00048 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 5:34 a.m. · 1 views

CVE-2023-31229

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit. This issue affects WP Directory Kit: from n/a through 1.1.9...

6.1 CVSS · 7 AI score · 0.00238 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/02/03 12:0 a.m. · 1 views

PT-2025-5099 · Unknown · .Tube Video Curator

Name of the Vulnerable Software and Affected Versions: .TUBE Video Curator versions n/a through 1.1.9
Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Reflected XSS in .TUBE gTLD .TUBE Video...

7.1 CVSS · 9 AI score · 0.00055 EPSS
Exploits 0 · References 3
Patchstack
added 2025/01/07 9:54 p.m. · 2 views

WordPress Button Block plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Khalid Yusuf (Patchstack Alliance) in WordPress Plugin Button Block (versions <= 1.1.9)...

6.5 CVSS · 6.1 AI score · 0.00221 EPSS
Exploits 0 · Affected Software 1
OSV
added 2024/07/21 8:15 a.m. · 0 views

CVE-2024-37488

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS. This issue affects HelloAsso: from n/a through 1.1.9...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 1
Patchstack
added 2024/06/21 3:40 p.m. · 1 views

WordPress Vandana Lite theme <= 1.1.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme Vandana Lite (versions <= 1.1.9)...

4.3 CVSS · 7 AI score · 0.00162 EPSS
Exploits 0 · Affected Software 1
Positive Technologies
added 2024/05/11 12:0 a.m. · 1 views

PT-2024-30455 · WordPress · Thim Elementor Kit

Name of the Vulnerable Software and Affected Versions: Thim Elementor Kit plugin for WordPress versions up to, and including, 1.1.9
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers with...

6.4 CVSS · 6 AI score · 0.00177 EPSS
Exploits 0 · References 5
CNNVD
added 2024/04/18 12:0 a.m. · 1 views

WordPress Plugin Mega Elements cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

6.5 CVSS · 5.9 AI score · 0.00181 EPSS
Exploits 0 · References 2
OSV
added 2023/12/18 10:15 p.m. · 0 views

CVE-2023-48768

Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology. This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 1