CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/27 8:16 a.m.•8 views

CVE-2026-3897

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS0.0003EPSS

NVD•added 2026/05/27 8:16 a.m.•6 views

CVE-2026-3896

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lsowadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not...

6.4CVSS0.0003EPSS

ATTACKERKB•added 2026/05/27 5:31 a.m.•4 views

CVE-2026-9014

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetstats function in versions up to, and including, 1.3. The function is hooked to both the wpajaxwpp-resetstats and wpajaxnoprivwpp-resetstats actions and contains n...

5.3CVSS5.8AI score0.0007EPSS

Tenable Nessus•added 2026/05/27 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-45932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPFPROGDETACH on tcx or netkit devices could be execute...

7.3CVSS5.8AI score0.00011EPSS

NVD•added 2026/05/22 5:16 a.m.•9 views

CVE-2026-7249

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...

4.3CVSS0.00012EPSS

NVD•added 2026/05/22 5:16 a.m.•8 views

CVE-2026-2518

The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing capability checks on the 'ultpinstallcallback' and 'ultpactivatecallback' functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers...

4.3CVSS0.00009EPSS

Vulnrichment•added 2026/05/22 4:29 a.m.•4 views

CVE-2026-2518 FastX <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation

4.3CVSS5.8AI score0.00009EPSS

EUVD•added 2026/05/22 4:29 a.m.•7 views

EUVD-2026-31412

4.3CVSS5.8AI score0.00009EPSS

Vulnrichment•added 2026/05/22 3:39 a.m.•3 views

CVE-2026-7249 Location Weather <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging

4.3CVSS5.8AI score0.00012EPSS

EUVD•added 2026/05/22 3:39 a.m.•9 views

EUVD-2026-31404

4.3CVSS5.8AI score0.00012EPSS

Positive Technologies•added 2026/05/22 12:0 a.m.•8 views

PT-2026-42722

Name of the Vulnerable Software and Affected Versions FastX theme for WordPress versions prior to 1.0.3 Description The FastX theme for WordPress allows authenticated attackers with Subscriber-level access or higher to install and activate the PostX plugin. This is caused by missing capability...

4.3CVSS5.8AI score0.00009EPSS

Exploits0References9

CNNVD•added 2026/05/17 12:0 a.m.•3 views

WordPress plugin AI Engine 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS5.8AI score0.00044EPSS

Exploits0References2

CVE•added 2026/05/15 6:45 a.m.•8 views

CVE-2026-4094

The FOX – Currency Switcher Professional for WooCommerce WordPress plugin (versions up to and including 1.4.5) is affected by an unauthorized data-loss vulnerability due to a missing capability check on the admin_head function, enabling authenticated attackers with Contributor-level access (and s...

8.1CVSS5.7AI score0.00042EPSS

Vulnrichment•added 2026/05/14 6:44 a.m.•7 views

CVE-2026-6510 InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Privilege Escalation via 'iwar_save_recipe'

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwarsaverecipe AJAX handler. This makes it possible for unauthenticated...

9.8CVSS5.8AI score0.00222EPSS

Exploits0References2

EUVD•added 2026/05/14 6:44 a.m.•6 views

EUVD-2026-30255

9.8CVSS5.8AI score0.00222EPSS

Exploits0References2

NVD•added 2026/05/14 6:16 a.m.•5 views

CVE-2026-3829

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wplebasicgetrequests' function in all versions up to, and including, 7.8.5.10. This makes...

5.4CVSS0.00022EPSS

CVE•added 2026/05/14 5:30 a.m.•5 views

CVE-2026-3829

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is affected by CVE-2026-3829 due to missing capability checks in wple_basic_get_requests across all versions up to 7.8.5.10. This allows authenticated users with subscriber-level ac...

5.4CVSS5.8AI score0.00022EPSS

EUVD•added 2026/05/14 5:30 a.m.•4 views

EUVD-2026-30228

5.4CVSS5.8AI score0.00022EPSS

ATTACKERKB•added 2026/05/14 5:30 a.m.•3 views

CVE-2026-3829

5.4CVSS5.8AI score0.00022EPSS