
318 matches found

RedhatCVE
added 2026/01/09 9:24 a.m. | 11 views

CVE-2023-40201

Cross-Site Request Forgery CSRF vulnerability in FuturioWP Futurio Extra plugin = 1.8.4 versions leads to activation of arbitrary plugin...

CVSS 8.8 | AI score 7.1 | EPSS 0.00254
Exploits 0 | References 1
Patchstack
added 2025/12/31 12:0 a.m. | 3 views

WordPress B Slider- Gutenberg Slider Block for WP plugin <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation vulnerability

Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation vulnerability discovered by wesley wcraft in WordPress Plugin B Slider versions <= 1.1.30...

CVSS 8.8 | AI score 5.5 | EPSS 0.00548
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/12/31 12:0 a.m. | 2 views

WordPress Construction Light theme < 1.6.8 - Subscriber+ Arbitrary Plugin Activation vulnerability

Subscriber+ Arbitrary Plugin Activation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Construction Light versions < 1.6.8...

CVSS 4.3 | AI score 5.5 | EPSS 0.00102
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2025/12/24 12:43 p.m. | 28 views

CVE-2023-28619 WordPress Resoto theme <= 1.0.8 - Broken Access Control to Arbitrary Plugin Activation

Missing Authorization vulnerability in bnayawpguy Resoto allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Resoto: from n/a through 1.0.8...

CVSS 4.3 | EPSS 0.00242
Exploits 0 | References 1
CVE
added 2025/12/24 12:43 p.m. | 11 views

CVE-2023-28619

CVE-2023-28619 : Resoto WordPress theme (

CVSS 4.3 | AI score 8.5 | EPSS 0.00242
Exploits 0 | References 1
Vulnrichment
added 2025/12/24 12:43 p.m. | 3 views

CVE-2023-28619 WordPress Resoto theme <= 1.0.8 - Broken Access Control to Arbitrary Plugin Activation

Missing Authorization vulnerability in bnayawpguy Resoto resoto allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Resoto: from n/a through <= 1.0.8...

CVSS 4.3 | AI score 7.3 | EPSS 0.00242
Exploits 0 | References 1
CNNVD
added 2025/12/13 12:0 a.m. | 4 views

WordPress plugin Gallery Blocks with Lightbox security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security...

CVSS 4.3 | AI score 6.5 | EPSS 0.0019
Exploits 0 | References 4
Vulnrichment
added 2025/12/12 6:0 a.m. | 5 views

CVE-2025-10684 Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...

AI score 6.5 | EPSS 0.00102
Exploits 0 | References 1
CVE
added 2025/12/12 6:0 a.m. | 14 views

CVE-2025-10684

CVE-2025-10684 affects the Construction Light WordPress theme prior to version 1.6.8. Multiple sources (NVD, Red Hat, CIRCL, CVE list) describe a lack of authorization and CSRF protection for an AJAX activation action, allowing any authenticated user (e.g., subscribers) to activate arbitrary func...

CVSS 4.3 | AI score 6.5 | EPSS 0.00102
Exploits 0 | References 1
NVD
added 2025/11/08 6:15 a.m. | 3 views

CVE-2025-9334

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Limited Code Injection in all versions up to, and including, 1.7.7. This is due to insufficient input validation and restriction on the 'rtafarajax' function. This makes it possible for authenticated...

CVSS 8.8 | EPSS 0.0044
Exploits 0 | References 5
RedhatCVE
added 2025/11/05 5:8 a.m. | 4 views

CVE-2025-10896

Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions up to, and including, 1.0.2.3. This is due to missing capability checks on the...

CVSS 8.8 | AI score 7 | EPSS 0.00534
Exploits 0 | References 1
Cvelist
added 2025/11/04 4:27 a.m. | 7 views

CVE-2025-10896 Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload

Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions up to, and including, 1.0.2.3. This is due to missing capability checks on the...

CVSS 8.8 | EPSS 0.00534
Exploits 0 | References 8
Vulnrichment
added 2025/11/04 4:27 a.m. | 3 views

CVE-2025-10896 Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload

Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions up to, and including, 1.0.2.3. This is due to missing capability checks on the...

CVSS 8.8 | AI score 6.9 | EPSS 0.00534
Exploits 0 | References 5
CNNVD
added 2025/11/04 12:0 a.m. | 4 views

WordPress plugin multiple products security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL-based...

CVSS 8.8 | AI score 7.4 | EPSS 0.00534
Exploits 0 | References 5
Wordfence Blog
added 2025/10/23 7:38 p.m. | 10 views

Mass Exploit Campaign Targeting Arbitrary Plugin Installation Vulnerabilities

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🚀 Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,2...

CVSS 9.8 | AI score 9.5 | EPSS 0.54754
Exploits 10
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-11105

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.01311
Exploits 2 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2025-18629

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.4 | EPSS 0.02904
Exploits 0 | References 6
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-43036

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00356
Exploits 2 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-12549

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 7 | EPSS 0.00307
Exploits 2 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2024-33455

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 9.6 | EPSS 0.03824
Exploits 1 | References 4