
65 matches found

Vulnrichment, added 2026/06/05 10:28 p.m., 8 views

CVE-2026-7523 Alba Board <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'card_id' Parameter

The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3 CVSS, 5.5 AI score, 0.00272 EPSS
Exploits: 0, References: 8

RedhatCVE, added 2026/06/05 7:39 p.m., 6 views

CVE-2026-7249

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...

4.3 CVSS, 5.5 AI score, 0.00248 EPSS
Exploits: 0, References: 1

RedhatCVE, added 2026/06/05 7:10 p.m., 9 views

CVE-2026-8732

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmptempaccessajax AJAX action being registered with wp_ajax_nopriv and protected only by a nonce check using the...

9.8 CVSS, 5.7 AI score, 0.09461 EPSS
Exploits: 7, References: 1

NVD, added 2026/05/20 5:16 a.m., 34 views

CVE-2026-5075

The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp_localize_script in post editor contexts without effective masking for...

4.3 CVSS, 0.00285 EPSS
Exploits: 0, References: 2

CVE, added 2025/11/11 3:30 a.m., 18 views

CVE-2025-11997

CVE-2025-11997 affects the WordPress plugin Document Pro Elementor – Documentation & Knowledge Base. The root cause is information exposure via frontend JS: Algolia API keys are exposed through wp_localize_script without proper access controls, enabling unauthenticated users to view keys in page ...

5.3 CVSS, 5.7 AI score, 0.00322 EPSS
Exploits: 0, References: 3

CVE, added 2025/11/05 6:35 a.m., 26 views

CVE-2025-12139

The CVE-2025-12139 vulnerability affects the File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress. The issue, present in all versions up to 1.5.3, stems from improper protection of the get_localize_data function and enables unauthenticated attackers to exfilt...

7.5 CVSS, 5.3 AI score, 0.02162 EPSS
Exploits: 0, References: 5

CNNVD, added 2025/11/05 12:0 a.m., 4 views

WordPress plugin integrate-google-drive information disclosure vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin integrate-google-drive has an information disclosure vulnerability, the...

7.5 CVSS, 5.7 AI score, 0.02162 EPSS
Exploits: 0, References: 6

EUVD, added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-45761

Malicious code in bioql PyPI...

8.8 CVSS, 9 AI score, 0.00214 EPSS
Exploits: 0, References: 1

CNNVD, added 2024/09/03 12:0 a.m., 2 views

LimeSurvey security vulnerability

LimeSurvey PHPSurveyor is a set of open source online questionnaire survey program from LimeSurvey team, which supports survey program development, questionnaire publishing and data collection. A security vulnerability exists in LimeSurvey version v6.6.2 and earlier versions, which stems from an...

8.8 CVSS, 7.6 AI score, 0.01022 EPSS
Exploits: 1, References: 4

Patchstack, added 2024/07/03 6:23 a.m., 2 views

WordPress nicen-localize-image plugin <= 1.4.0 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin nicen-localize-image versions <= 1.4.0...

7 AI score
Exploits: 0, References: 1, Affected Software: 1

Patchstack, added 2024/07/03 12:0 a.m., 4 views

WordPress nicen-localize-image Plugin <= 1.4.1 is vulnerable to Backdoor

Software: nicen-localize-image; Type: Plugin; Vulnerable versions: <= 1.4.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: N/A; Patch priority: Low; CVSS severity: Low 5.3; PSID: 9cc7d9fd0cd5; Credits: Sansec.io; Required privilege: Unauthenticated; Published: 3 July,...

7.2 AI score
Exploits: 0, References: 3, Affected Software: 1

OSSF Malicious Packages, added 2024/06/25 1:49 p.m., 5 views

Malicious code in auto-localize (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0, References: 1

OSV, added 2024/06/25 1:49 p.m., 9 views

MAL-2024-6728 Malicious code in auto-localize (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0, References: 1

OSV, added 2024/06/25 1:46 p.m., 7 views

MAL-2024-6455 Malicious code in activeadmin_mongoid-localize (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0, References: 1

OSSF Malicious Packages, added 2024/06/25 1:46 p.m., 3 views

Malicious code in activeadmin_mongoid-localize (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0, References: 1

OSV, added 2023/10/03 2:15 p.m., 1 views

CVE-2023-41244

Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions...

8.8 CVSS, 7.3 AI score
Exploits: 0, References: 1

NVD, added 2023/10/03 2:15 p.m., 19 views

CVE-2023-41244

Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions...

8.8 CVSS, 5.9 AI score, 0.00214 EPSS
Exploits: 0, References: 1

Prion, added 2023/10/03 2:15 p.m., 20 views

Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions...

6.8 CVSS, 8.8 AI score, 0.00214 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment, added 2023/10/03 1:17 p.m., 10 views

CVE-2023-41244 WordPress Localize Remote Images Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions...

4.3 CVSS, 7.2 AI score, 0.00214 EPSS
Exploits: 0, References: 1

Cvelist, added 2023/10/03 1:17 p.m., 26 views

CVE-2023-41244 WordPress Localize Remote Images Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions...

4.3 CVSS, 9.1 AI score, 0.00214 EPSS
Exploits: 0, References: 1