CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 1 hour ago•4 views

CVE-2026-8839

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via MappressApi::restapiinit, where the GET...

5.3CVSS

Exploits0References24

EUVD•added 2 hours ago•4 views

EUVD-2026-34962

6.5CVSS5.8AI score

ATTACKERKB•added 2 hours ago•2 views

CVE-2026-9829

6.5CVSS5.8AI score

Exploits0References13

NVD•added 2 hours ago•5 views

CVE-2026-7796

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping...

6.4CVSS

NVD•added 2 hours ago•6 views

CVE-2026-7795

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS

ATTACKERKB•added 3 hours ago•2 views

CVE-2026-8839

5.3CVSS5.5AI score

Exploits0References25

Cvelist•added 3 hours ago•5 views

CVE-2026-7624 SEO Plugin by Squirrly SEO <= 12.4.16 - Missing Authorization to Authenticated (Contributor+) Privileged Cloud API Operations

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS

Exploits0References14

ATTACKERKB•added 3 hours ago•1 views

CVE-2026-7624

4.3CVSS5.5AI score

Exploits0References15

CVE•added 3 hours ago•6 views

CVE-2026-7624

The CVE concerns the SEO Plugin by Squirrly SEO for WordPress, vulnerable to an authorization bypass in all versions up to and including 12.4.16. The underlying issue is that the plugin fails to verify a user’s authorization before performing privileged cloud API operations. As a result, authenti...

4.3CVSS5.5AI score

Exploits0References14

EUVD•added 3 hours ago•3 views

EUVD-2026-34956

4.3CVSS5.5AI score

Exploits0References14

ATTACKERKB•added 4 hours ago•4 views

CVE-2026-7796

6.4CVSS5.7AI score

EUVD•added 4 hours ago•4 views

EUVD-2026-34951

6.4CVSS5.7AI score

EUVD•added 4 hours ago•4 views

EUVD-2026-34949

6.4CVSS5.8AI score

ATTACKERKB•added 4 hours ago•3 views

CVE-2026-7795

6.4CVSS5.8AI score

NVD•added 4 hours ago•4 views

CVE-2026-9008

The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelistunqprfxextshortcode function the pagelistext / pagelistext shortcode accepting attacker-controlled poststatus, posttype, and showmetakey attributes and...

4.3CVSS

Cvelist•added 5 hours ago•5 views

CVE-2026-9008 Page-list <= 6.2 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode Attributes

4.3CVSS

ATTACKERKB•added 5 hours ago•2 views

CVE-2026-9008

4.3CVSS5.4AI score

Exploits0References7

EUVD•added 5 hours ago•4 views

EUVD-2026-34939

4.3CVSS5.4AI score

CVE•added 5 hours ago•5 views

CVE-2026-9008

CVE-2026-9008 affects the Page-list WordPress plugin (versions up to 6.2). The pagelist_unqprfx_ext_shortcode() function for the [pagelist_ext]/[pagelistext] shortcodes accepts attacker-controlled post_status, post_type, and show_meta_key attributes and passes them into get_pages() and get_post_m...

4.3CVSS5.4AI score