CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1789 matches found

Patchstack•added 6 days ago•5 views

WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Media LIbrary Assistant versions = 3.35...

8.5CVSS5.8AI score0.00211EPSS

Exploits0Affected Software1

CVE•added 6 days ago•14 views

CVE-2026-56007

CVE-2026-56007 affects WordPress Ocean Product Sharing plugin versions up to and including 2.2.2. The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation in OceanWP Ocean Product Sharing. The vulnerability impact is limi...

5.9CVSS5.2AI score0.00143EPSS

Exploits0References1

EUVD•added last week•8 views

EUVD-2025-210261

Unauthenticated Local File Inclusion in Preservation = 1.10 versions...

8.1CVSS5.1AI score0.00348EPSS

Exploits0References2

EUVD•added last week•8 views

EUVD-2026-37669

Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...

8.6CVSS5.2AI score0.00496EPSS

Exploits0References2

NVD•added last week•7 views

CVE-2026-39438

Unauthenticated SQL Injection in ListingPro = 2.9.10 versions...

9.3CVSS0.00372EPSS

Exploits0References1

NVD•added last week•6 views

CVE-2026-22330

Unauthenticated Local File Inclusion in Right Way = 4.0 versions...

8.1CVSS0.00363EPSS

Exploits0References1

NVD•added last week•4 views

CVE-2024-35648

Cross-Site request forgery CSRF vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0...

4.3CVSS0.00127EPSS

Exploits0References1

Cvelist•added last week•27 views

CVE-2025-69144 WordPress Preservation theme <= 1.10 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Preservation = 1.10 versions...

8.1CVSS0.00348EPSS

Exploits0References1

Cvelist•added 2026/06/17 9:51 a.m.•26 views

CVE-2026-49081 WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration Stripe = 1.3.12 versions...

8.2CVSS0.00291EPSS

Exploits0References1

CVE•added 2026/06/17 9:51 a.m.•12 views

CVE-2026-49075

The CVE covers a PHP Object Injection flaw in the WordPress JetEngine plugin, affecting versions

9.8CVSS5.3AI score0.00375EPSS

Exploits0References1

Cvelist•added 2026/06/16 8:57 p.m.•18 views

CVE-2026-40736 WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Laurits = 1.5.1 versions...

8.1CVSS0.0025EPSS

Exploits0References1

CVE•added 2026/06/16 8:57 p.m.•5 views

CVE-2026-40736

WordPress Laurits theme

8.1CVSS5.3AI score0.0025EPSS

Exploits0References1

CVE•added 2026/06/16 8:57 p.m.•15 views

CVE-2026-12256

The CVE concerns WordPress sites using the Avada theme ≤ 3.15.3, where a PHP Object Injection vulnerability exists in the Contributor component. The issue is triggered remotely over the network (attack vector: NETWORK, low complexity, required privileges: LOW, no user interaction). The impact is ...

8.8CVSS5.3AI score0.00482EPSS

Exploits0References1

EUVD•added 2026/06/16 9:0 a.m.•6 views

EUVD-2026-37050

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO = 12.4.16 versions...

5.9CVSS5.2AI score0.00176EPSS

Exploits0References1

CVE•added 2026/06/16 9:0 a.m.•9 views

CVE-2026-52714

CVE-2026-52714 involves an unauthenticated broken access control in the WordPress SEO Plugin by Squirrly SEO, affected versions

5.9CVSS5.2AI score0.00176EPSS

Exploits0References1