CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

91 matches found

CVE-2026-6075

The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it possible for unauthenticated attackers to trick an...

8.1CVSS5.8AI score0.00043EPSS

Exploits0References12

Cvelist•added 6 days ago•30 views

CVE-2026-6075 Media Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action Form

8.1CVSS0.00043EPSS

Exploits0References11

CVE•added last week•7 views

CVE-2026-45342

LinkAce prior to version 2.5.6 is affected by an Insecure Direct Object Reference (IDOR) in the authorization policy layer. The root cause is in update() policy methods (LinkPolicy, LinkListPolicy, TagPolicy, NotePolicy) where access checks delegate to userCanAccessX(), which returns true for any...

7.1CVSS5.8AI score0.00043EPSS

Exploits0References1

Cvelist•added last week•23 views

CVE-2026-45342 LinkAce: IDOR in Update Policies Allows Any Authenticated User to Overwrite Other Users' Links, Lists, Tags, and Notes

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...

7.1CVSS0.00043EPSS

Exploits0References1

Vulnrichment•added last week•7 views

CVE-2026-45342 LinkAce: IDOR in Update Policies Allows Any Authenticated User to Overwrite Other Users' Links, Lists, Tags, and Notes

7.1CVSS5.8AI score0.00043EPSS

Exploits0References1

EUVD•added last week•4 views

EUVD-2026-33056

7.1CVSS5.8AI score0.00043EPSS

Exploits0References1

Positive Technologies•added 2026/05/28 12:0 a.m.•6 views

PT-2026-44542

7.1CVSS5.8AI score0.00043EPSS

Exploits0References2

Patchstack•added 2026/05/01 9:32 a.m.•2 views

WordPress Bulk Edit Posts and Products in Spreadsheet plugin <= 2.25.16 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Bulk Edit Posts and Products in Spreadsheet versions = 2.25.16...

6.1CVSS5.8AI score0.00135EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/03/26 3:18 p.m.•1 views

CVE-2026-32431

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...

6.5CVSS5.8AI score0.00045EPSS

Exploits0References1

CNVD•added 2026/03/19 12:0 a.m.•4 views

WordPress Plugin Astra Bulk Edit Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Astra Bulk Edit, which stem...

6.5CVSS5.5AI score0.00045EPSS

Exploits0References1

EUVD•added 2026/03/13 9:31 p.m.•1 views

EUVD-2026-11965

6.5CVSS5.8AI score0.00045EPSS

Exploits0References2

NVD•added 2026/03/13 7:55 p.m.•2 views

CVE-2026-32431

6.5CVSS0.00045EPSS

Exploits0References1

Vulnrichment•added 2026/03/13 11:42 a.m.•1 views

CVE-2026-32431 WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

6.5CVSS5.8AI score0.00045EPSS

Exploits0References1

ATTACKERKB•added 2026/03/13 11:42 a.m.•0 views

CVE-2026-32431

5.8AI score0.00045EPSS

Exploits0References2

CVE•added 2026/03/13 11:42 a.m.•2 views

CVE-2026-32431

The CVE concerns the WordPress plugin Astra Bulk Edit (Brainstorm Force) for Astra Bulk Edit, specifically the astra-bulk-edit component. It describes a DOM-based XSS introduced by improper neutralization of input during web page generation, resulting in a Cross-Site Scripting vulnerability. Affe...

6.5CVSS5.8AI score0.00045EPSS

Exploits0References1

Cvelist•added 2026/03/13 11:42 a.m.•21 views

CVE-2026-32431 WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.00045EPSS

Exploits0References1

CNNVD•added 2026/03/13 12:0 a.m.•2 views

WordPress plugin Astra Bulk Edit 跨站脚本漏洞

6.5CVSS5.5AI score0.00045EPSS

Exploits0References1

Positive Technologies•added 2026/03/13 12:0 a.m.•3 views

PT-2026-25277

6.5CVSS5.8AI score0.00045EPSS

Exploits0References3

Patchstack•added 2026/03/01 4:5 p.m.•1 views

WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Astra Bulk Edit versions = 1.2.10...

6.5CVSS5.8AI score0.00045EPSS

Exploits0Affected Software1

Patchstack•added 2026/02/03 3:8 p.m.•2 views

WordPress Bulk Edit Post Titles plugin <= 5.0.0 - Missing Authorization via bulkUpdatePostTitles vulnerability

Missing Authorization via bulkUpdatePostTitles vulnerability discovered by Francesco Carlucci in WordPress Plugin Bulk Edit Post Titles versions = 5.0.0...

4.3CVSS5.3AI score0.00147EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by