
15153 matches found

EUVD
added 2026/04/08 12:31 p.m., 2 views

EUVD-2026-20439

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the wooberedrawtablerow function. This makes it possibl...

CVSS 6.5, AI score 5.8, EPSS 0.00006
Exploits: 0, References: 5
NVD
added 2026/04/08 12:16 p.m., 2 views

CVE-2026-1672

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the wooberedrawtablerow function. This makes it possibl...

CVSS 6.5, EPSS 0.00006
Exploits: 0, References: 4
Vulnrichment
added 2026/04/08 11:16 a.m., 0 views

CVE-2026-1672 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the wooberedrawtablerow function. This makes it possibl...

CVSS 6.5, AI score 5.8, EPSS 0.00006
Exploits: 0, References: 4
Cvelist
added 2026/04/08 11:16 a.m., 17 views

CVE-2026-1672 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the wooberedrawtablerow function. This makes it possibl...

CVSS 6.5, EPSS 0.00006
Exploits: 0, References: 4
Cvelist
added 2026/04/08 11:16 a.m., 20 views

CVE-2026-1673 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobedeletetaxterm function. This makes it possible...

CVSS 4.3, EPSS 0.00014
Exploits: 0, References: 4
EUVD
added 2026/04/08 9:31 a.m., 0 views

EUVD-2026-20300

Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection. This issue affects Theme Editor: from n/a through <= 3.2...

AI score 5.9, EPSS 0.00021
Exploits: 0, References: 2
NVD
added 2026/04/08 9:16 a.m., 0 views

CVE-2026-39640

Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection. This issue affects Theme Editor: from n/a through <= 3.2...

CVSS 9.6, EPSS 0.00021
Exploits: 0, References: 1
NVD
added 2026/04/08 9:16 a.m., 5 views

CVE-2026-39516

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data. This issue affects Nexter Blocks: from n/a through <= 4.7.0...

CVSS 5.3, EPSS 0.00039
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/08 8:30 a.m., 4 views

CVE-2026-39640

Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection. This issue affects Theme Editor: from n/a through <= 3.2...

AI score 5.9, EPSS 0.00021
Exploits: 0, References: 2
CVE
added 2026/04/08 8:30 a.m., 5 views

CVE-2026-39640

CVE-2026-39640 is a high-severity CSRF vulnerability in the WordPress Theme Editor plugin (Theme Editor) affecting versions from unspecified up to and including 3.2. The issue allows code injection/remote code execution and is rated critical (CVSS 3.1: 9.6; network attack vector, low complexity, ...

CVSS 9.6, AI score 5.9, EPSS 0.00021
Exploits: 0, References: 1
Cvelist
added 2026/04/08 8:30 a.m., 16 views

CVE-2026-39640 WordPress Theme Editor plugin <= 3.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection. This issue affects Theme Editor: from n/a through <= 3.2...

CVSS 9.6, EPSS 0.00021
Exploits: 0, References: 1
Vulnrichment
added 2026/04/08 8:30 a.m., 1 view

CVE-2026-39640 WordPress Theme Editor plugin <= 3.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection. This issue affects Theme Editor: from n/a through <= 3.2...

AI score 5.8, EPSS 0.00021
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/08 8:30 a.m., 1 view

CVE-2026-39516

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data. This issue affects Nexter Blocks: from n/a through <= 4.7.0...

AI score 5.9, EPSS 0.00039
Exploits: 0, References: 2
OSV
added 2026/04/08 6:2 a.m., 2 views

RLSA-2026:6628 Important: fontforge security update

FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts. Security Fixes: fontforge: FontForge: Remote Code Execution via malicious SFD file...

CVSS 8.8, AI score 7.4, EPSS 0.00113
Exploits: 0, References: 2
EUVD
added 2026/04/08 12:30 a.m., 2 views

EUVD-2026-19956

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wpajaxsmart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The displayadminajax method does not call checkForCap which...

CVSS 5.4, AI score 5.9, EPSS 0.00013
Exploits: 0, References: 8
Positive Technologies
added 2026/04/08 12:0 a.m., 2 views

PT-2026-31205

CVE-2026-39640 Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection. This issue affects Theme Editor: from n/a through <= 3… https://t.co/jZUwbHXIkL...

AI score 5.8, EPSS 0.00021
Exploits: 0, References: 3
CNNVD
added 2026/04/08 12:0 a.m., 4 views

WordPress plugin BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 6.5, AI score 5.7, EPSS 0.00006
Exploits: 0, References: 4
Positive Technologies
added 2026/04/08 12:0 a.m., 1 view

PT-2026-31427

Name of the Vulnerable Software and Affected Versions: LORIS versions prior to 27.0.3 and version 28.0.1. Description: The LORIS application does not properly sanitize user-supplied variables within the help editor module, potentially leading to a reflected cross-site scripting attack if a user is...

CVSS 8.7, AI score 5.9, EPSS 0.00037
Exploits: 0, References: 5
CNNVD
added 2026/04/08 12:0 a.m., 4 views

LORIS Neuroimaging Platform security vulnerability

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the helpeditor module not properly cleaning user inputs, which could lead to...

CVSS 8.7, AI score 5.8, EPSS 0.00037
Exploits: 0, References: 1
CNNVD
added 2026/04/08 12:0 a.m., 2 views

WordPress plugin Theme Editor cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 9.6, AI score 5.8, EPSS 0.00021
Exploits: 0, References: 1