CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

8132 matches found

Vulnrichment•added 2026/05/10 12:43 p.m.•7 views

CVE-2021-47930 Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated

Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the combaforms component with malicious JSON payloads in the 'id' field...

8.8CVSS6.1AI score0.00065EPSS

Exploits0References3

Positive Technologies•added 2026/05/10 12:0 a.m.•8 views

PT-2026-39506

Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the com baforms component with malicious JSON payloads in the 'id' field...

8.8CVSS6.1AI score0.00065EPSS

Exploits0References4

CNNVD•added 2026/05/10 12:0 a.m.•5 views

Balbooa Joomla Forms Builder SQL注入漏洞

Balbooa Joomla Forms Builder is a website form building plugin provided by Balbooa Corporation, which offers visual form design and data collection features. Version 2.0.6 of Balbooa Joomla Forms Builder contains an SQL injection vulnerability. This vulnerability stems from an unauthenticated SQL...

8.8CVSS6.1AI score0.00065EPSS

Exploits0References1

Positive Technologies•added 2026/05/10 12:0 a.m.•7 views

PT-2026-39522

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...

5.4CVSS6AI score0.00033EPSS

Exploits0References4

Positive Technologies•added 2026/05/10 12:0 a.m.•4 views

PT-2026-39526

OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick authenticated users into submitting hidden forms with new password values in the 'password' and...

5.3CVSS5.7AI score0.00029EPSS

Exploits0References3

Patchstack•added 2026/05/07 10:26 a.m.•13 views

WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export vulnerability

Missing Authorization to Authenticated Subscriber+ Scheduled Form Submission Export vulnerability discovered by anhcd05 - VNPT Cyber Immunity in WordPress Plugin Forminator versions = 1.53.0...

6.5CVSS5.8AI score0.00012EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/07 4:16 a.m.•9 views

CVE-2026-6214

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

6.5CVSS0.00012EPSS

Exploits0References6

EUVD•added 2026/05/07 3:27 a.m.•7 views

EUVD-2026-28308

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

6.5CVSS5.7AI score0.00012EPSS

Exploits0References6

Cvelist•added 2026/05/07 3:27 a.m.•31 views

CVE-2026-6214 Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

6.5CVSS0.00012EPSS

Exploits0References6

CVE•added 2026/05/07 3:27 a.m.•11 views

CVE-2026-6214

CVE-2026-6214 affects Forminator Forms for WordPress (≤ 1.53.0). The issue is in listen_for_saving_export_schedule() in library/class-export.php, which fails to perform a capability check before saving a scheduled export configuration, unlike listen_for_csv_export() that verifies permissions. Thi...

6.5CVSS5.7AI score0.00012EPSS

Exploits0References6

ATTACKERKB•added 2026/05/07 3:27 a.m.•5 views

CVE-2026-6214

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

6.5CVSS5.7AI score0.00012EPSS

Exploits0References7

Vulnrichment•added 2026/05/07 3:27 a.m.•6 views

CVE-2026-6214 Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

6.5CVSS5.7AI score0.00012EPSS

Exploits0References6

NVD•added 2026/05/07 2:16 a.m.•4 views

CVE-2026-6222

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS0.00013EPSS

Exploits0References8

ATTACKERKB•added 2026/05/07 1:25 a.m.•3 views

CVE-2026-6222

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS5.9AI score0.00013EPSS

Exploits0References9

Vulnrichment•added 2026/05/07 1:25 a.m.•5 views

CVE-2026-6222 Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS5.9AI score0.00013EPSS

Exploits0References8

EUVD•added 2026/05/07 1:25 a.m.•4 views

EUVD-2026-28235

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS5.9AI score0.00013EPSS

Exploits0References8

CVE•added 2026/05/07 1:25 a.m.•20 views

CVE-2026-6222

CVE-2026-6222 affects the WordPress plugin Forminator Forms (versions

5.3CVSS5.9AI score0.00013EPSS

Exploits0References8

Cvelist•added 2026/05/07 1:25 a.m.•30 views

CVE-2026-6222 Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS0.00013EPSS

Exploits0References8

CNNVD•added 2026/05/07 12:0 a.m.•5 views

WordPress plugin Forminator Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00013EPSS

Exploits0References1

Positive Technologies•added 2026/05/07 12:0 a.m.•7 views

PT-2026-38324

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in Forminator Admin Module Edit Page admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS5.9AI score0.00013EPSS

Exploits0References9

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by