CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

CVE-2026-9048

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS5.5AI score0.00028EPSS

Exploits0References1

EUVD•added 2026/06/02 12:31 a.m.•9 views

EUVD-2026-33851

4.3CVSS5.8AI score0.00028EPSS

Exploits0References3

NVD•added 2026/06/02 12:16 a.m.•9 views

CVE-2026-9048

4.3CVSS0.00028EPSS

Exploits0References2

Cvelist•added 2026/06/01 11:28 p.m.•34 views

CVE-2026-9048 Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure

4.3CVSS0.00028EPSS

Exploits0References2

ATTACKERKB•added 2026/06/01 11:28 p.m.•7 views

CVE-2026-9048

4.3CVSS5.8AI score0.00028EPSS

Exploits0References3Affected Software1

CVE•added 2026/06/01 11:28 p.m.•15 views

CVE-2026-9048

The Slider Revolution WordPress plugin is affected (versions 7.0.0–7.0.14). The vulnerability arises in the slider.get.full AJAX action, enabling authenticated attackers with Contributor-level access and higher to expose sensitive data stored in slider settings. Exposed data includes raw social m...

4.3CVSS5.8AI score0.00028EPSS

Exploits0References2

Vulnrichment•added 2026/06/01 11:28 p.m.•8 views

CVE-2026-9048 Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure

4.3CVSS5.8AI score0.00028EPSS

Exploits0References2

Positive Technologies•added 2026/06/01 12:0 a.m.•8 views

PT-2026-45666

4.3CVSS5.8AI score0.00028EPSS

Exploits0References3

EUVD•added 2026/01/17 4:34 a.m.•3 views

EUVD-2026-3149

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...

5.3CVSS4.9AI score0.00084EPSS

Exploits0References3

RedhatCVE•added 2025/11/09 8:49 a.m.•7 views

CVE-2025-12098

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueuesocialloginscript' function. This makes it possible for unauthenticated attackers to extract...

5.3CVSS5.9AI score0.00053EPSS

Exploits0References1

EUVD•added 2025/11/08 9:31 a.m.•2 views

EUVD-2025-38366

5.3CVSS5.4AI score0.00053EPSS

Exploits0References4

CVE•added 2025/11/08 8:27 a.m.•11 views

CVE-2025-12098

CVE-2025-12098 affects Academy LMS Pro (WordPress plugin) up to version 3.3.8, exposing sensitive data via enqueue_social_login_script. Unauthenticated attackers could exfiltrate secrets (e.g., Facebook App Secret) when Facebook Social Login is enabled. Mitigation: update to 3.3.9 or later (patch...

5.3CVSS5.5AI score0.00053EPSS

Exploits0References2

Cvelist•added 2025/11/08 8:27 a.m.•6 views

CVE-2025-12098 Academy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script'

5.3CVSS0.00053EPSS

Exploits0References2

Vulnrichment•added 2025/11/08 8:27 a.m.•2 views

CVE-2025-12098 Academy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script'

5.3CVSS5.4AI score0.00053EPSS

Exploits0References2

Positive Technologies•added 2025/11/08 12:0 a.m.•6 views

PT-2025-45558

Name of the Vulnerable Software and Affected Versions Academy LMS – WordPress LMS Plugin for Complete eLearning Solution versions prior to 3.3.9 Description The Academy LMS – WordPress LMS Plugin for WordPress is susceptible to sensitive information disclosure. Specifically, the enqueue social...

5.3CVSS6.3AI score0.00053EPSS

Exploits0References5

CNNVD•added 2022/12/02 12:0 a.m.•1 views

WordPress plugin Chained Quiz 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.5CVSS5AI score0.00659EPSS

Exploits1References5

Hacker One•added 2020/04/03 5:2 a.m.•456 views

Liberapay: Leaking Of Sensitive Information on Github

Summary: Sensitive Data were leaked in https://github.com/liberapay/liberapay.com Steps To Reproduce: 1. Install gitleaks from https://github.com/zricethezav/gitleaks 2. Run the following command in a Linux terminal gitleaks -v --pretty -r=https://github.com/liberapay/liberapay.com The following...

0.1AI score

Exploits0

Veracode•added 2016/12/29 1:30 a.m.•7 views

Distributed Denial Of Service (DDoS)

botkit is vulnerable to distributed denial of service DDoS attacks. These attacks are possible because it does not validate the X-HUB signature sent in the headers against the facebook app secret. This allows attackers to send arrays with a large amount of data in them to botkit and lock the...

6.4AI score

Exploits0

hackapp•added 2016/04/01 9:26 a.m.•7 views

Who viewed my Facebook - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Who viewed my Facebook published at the 'play' market has multiple vulnerabilities...

0.8AI score

Exploits0References1Affected Software1

hackapp•added 2016/04/01 9:26 a.m.•16 views

Mini For Facebook - Mini FB - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Mini For Facebook - Mini FB published at the 'play' market has multiple vulnerabilities...

1.1AI score

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by