CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/02/11 8:26 a.m.•2 views

CVE-2026-1786 Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update

6.5CVSS5.5AI score0.00284EPSS

Cvelist•added 2026/02/11 8:26 a.m.•20 views

CVE-2026-1786 Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update

6.5CVSS0.00284EPSS

ATTACKERKB•added 2026/02/11 8:26 a.m.•2 views

CVE-2026-1748

The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access...

4.3CVSS5.5AI score0.00309EPSS

Exploits0References6

NVD•added 2026/02/11 2:15 a.m.•3 views

CVE-2025-15524

The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxgetgalleryinfo function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

4.3CVSS0.00221EPSS

CVE•added 2026/02/11 1:23 a.m.•7 views

CVE-2025-15524

CVE-2025-15524 affects the WordPress plugin Gallery by FooGallery (versions up to and including 3.1.9). A missing capability check in ajax_get_gallery_info() allows authenticated users with Subscriber-level access and above to enumerate gallery IDs and retrieve private/draft/password-protected ga...

4.3CVSS5.5AI score0.00221EPSS

ATTACKERKB•added 2026/02/11 1:23 a.m.•6 views

CVE-2025-15524

4.3CVSS5.5AI score0.00221EPSS

CNVD•added 2026/02/11 12:0 a.m.•2 views

Unspecified Vulnerability in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin ELEX WordPress HelpDesk & Customer...

5.3CVSS5.8AI score0.00268EPSS

Exploits0

Positive Technologies•added 2026/02/11 12:0 a.m.•4 views

PT-2026-7497

4.3CVSS5.5AI score0.00309EPSS

Exploits0References6

Positive Technologies•added 2026/02/11 12:0 a.m.•3 views

PT-2026-7498

The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg tw options' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings includi...

6.5CVSS5.5AI score0.00284EPSS

Positive Technologies•added 2026/02/11 12:0 a.m.•4 views

PT-2026-7619

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'uni cpo remove file' function in all versions up to, and including, 4.9.60. This makes it possible for...

5.8CVSS5.7AI score0.00189EPSS

Positive Technologies•added 2026/02/11 12:0 a.m.•9 views

PT-2026-7511

The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax post grid load more' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated...

5.3CVSS5.5AI score0.00325EPSS

NVD•added 2026/02/10 12:16 a.m.•5 views

CVE-2026-0845

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...

7.2CVSS0.00436EPSS

CNNVD•added 2026/02/10 12:0 a.m.•4 views

WordPress plugin WCFM 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5.8AI score0.00436EPSS

CVE•added 2026/02/09 11:23 p.m.•14 views

CVE-2026-0845

The CVE affects the WordPress ecosystem: WCFM – Frontend Manager for WooCommerce with the Bookings Subscription Listings Compatible plugin for WordPress. It has a missing capability check in WCFM_Settings_Controller::processing across all versions up to and including 6.7.24, allowing authenticate...

7.2CVSS5.7AI score0.00436EPSS

Cvelist•added 2026/02/09 11:23 p.m.•32 views

CVE-2026-0845 WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update

7.2CVSS0.00436EPSS

ATTACKERKB•added 2026/02/09 11:23 p.m.•4 views

CVE-2026-0845

7.2CVSS5.7AI score0.00436EPSS

Exploits0References5

Vulnrichment•added 2026/02/09 11:23 p.m.•2 views

CVE-2026-0845 WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update

7.2CVSS5.7AI score0.00436EPSS

NVD•added 2026/02/09 9:15 p.m.•7 views

CVE-2026-25740

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAPNETRAW capability binding to privileged ports, spoofing localho...

5.8CVSS0.00148EPSS