CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9655 matches found

RedhatCVE•added 2026/01/25 9:10 p.m.•14 views

CVE-2026-0593

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with...

5.3CVSS5.5AI score0.00234EPSS

Exploits0References1

RedhatCVE•added 2026/01/25 9:16 a.m.•9 views

CVE-2025-14629

The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'deletefile' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...

5.3CVSS5.7AI score0.00294EPSS

Exploits0References1

RedhatCVE•added 2026/01/25 9:16 a.m.•10 views

CVE-2025-14941

The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing capability checks on multiple AJAX handlers combined with insufficient input sanitization and output escaping on the...

6.4CVSS5.8AI score0.00266EPSS

Exploits0References1

RedhatCVE•added 2026/01/25 9:16 a.m.•8 views

CVE-2025-15516

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackstoreusermeta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

4.3CVSS5.7AI score0.00161EPSS

Exploits0References1

RedhatCVE•added 2026/01/25 9:16 a.m.•18 views

CVE-2026-0687

The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mbgallery' custom post type in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access and abov...

4.3CVSS5.5AI score0.00193EPSS

Exploits0References1

RedhatCVE•added 2026/01/24 9:15 p.m.•5 views

CVE-2025-14947

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackcreatebunnystreamvideo, ajaxcallbackgetbunnystreamvideo, and ajaxcallbackdeletebunnystreamvideo functions in all versions up to, and including,...

6.5CVSS5.5AI score0.00369EPSS

Exploits0References1

NVD•added 2026/01/24 5:15 p.m.•7 views

CVE-2026-0593

5.3CVSS0.00234EPSS

Exploits0References2

CVE•added 2026/01/24 4:25 p.m.•13 views

CVE-2026-0593

CVE-2026-0593 concerns the WP Go Maps (formerly WP Google Maps) WordPress plugin. Wordfence and Patchstack documents confirm that all versions up to and including 10.0.04 are vulnerable to unauthorized modification of data due to a missing capability check in processBackgroundAction(). An attacke...

5.3CVSS5.5AI score0.00234EPSS

Exploits0References2

Cvelist•added 2026/01/24 4:25 p.m.•28 views

CVE-2026-0593 WP Go Maps (formerly WP Google Maps) <= 10.0.04 - Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Modification

5.3CVSS0.00234EPSS

Exploits0References2

Vulnrichment•added 2026/01/24 4:25 p.m.•5 views

CVE-2026-0593 WP Go Maps (formerly WP Google Maps) <= 10.0.04 - Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Modification

5.3CVSS5.9AI score0.00234EPSS

Exploits0References2

RedhatCVE•added 2026/01/24 3:17 p.m.•8 views

CVE-2025-14866

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS5.5AI score0.00365EPSS

Exploits0References1

RedhatCVE•added 2026/01/24 3:17 p.m.•4 views

CVE-2025-13921

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocsuserdocumentationhandlingcapabilities' function in all versions up to, and including, 2.1.1...

4.3CVSS5.5AI score0.00265EPSS

Exploits0References1

NVD•added 2026/01/24 9:15 a.m.•3 views

CVE-2026-0687

4.3CVSS0.00193EPSS

Exploits0References3

NVD•added 2026/01/24 9:15 a.m.•7 views

CVE-2025-15516

4.3CVSS0.00161EPSS

Exploits0References2

ATTACKERKB•added 2026/01/24 8:26 a.m.•2 views

CVE-2026-0687

4.3CVSS5.9AI score0.00193EPSS

Exploits0References4

Vulnrichment•added 2026/01/24 8:26 a.m.•3 views

CVE-2026-0687 Meta-box GalleryMeta <= 3.0.1 - Missing Authorization to Authenticated (Author+) Gallery Management

4.3CVSS5.9AI score0.00193EPSS

Exploits0References3

CVE•added 2026/01/24 8:26 a.m.•8 views

CVE-2025-15516

CVE-2025-15516 affects the WordPress plugin All-in-One Video Gallery (versions 4.1.0–4.6.4). A missing capability check in the ajax_callback_store_user_meta() function allows authenticated users with Subscriber+ privileges to modify arbitrary string-based user meta keys for their own account. Imp...

4.3CVSS5.7AI score0.00161EPSS

Exploits0References2

Cvelist•added 2026/01/24 8:26 a.m.•35 views

CVE-2025-15516 All-in-One Video Gallery 4.1.0 - 4.6.4 - Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update

4.3CVSS0.00161EPSS

Exploits0References2

Vulnrichment•added 2026/01/24 8:26 a.m.•2 views

CVE-2025-15516 All-in-One Video Gallery 4.1.0 - 4.6.4 - Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update

4.3CVSS6AI score0.00161EPSS

Exploits0References2

ATTACKERKB•added 2026/01/24 8:26 a.m.•2 views

CVE-2025-15516