20 matches found

NVD
added 5 days ago, 10 views

CVE-2026-8935

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

9.8 CVSS, 0.00268 EPSS
Exploits: 0, References: 1

Cvelist
added 5 days ago, 35 views

CVE-2026-8935 Advanced Google Maps < 6.1.1 - Unauthenticated Administrator Account Creation

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

0.00268 EPSS
Exploits: 0, References: 1

EUVD
added 5 days ago, 7 views

EUVD-2026-36699

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

9.8 CVSS, 5.2 AI score, 0.00268 EPSS
Exploits: 0, References: 1

Positive Technologies
added 5 days ago, 7 views

PT-2026-49185

Name of the Vulnerable Software and Affected Versions: WP MAPS PRO versions prior to 6.1.1. Description: The plugin registers an unauthenticated AJAX action that allows the creation of an administrator account. By providing a valid nonce, which is publicly available on any frontend page that enqueue...

9.8 CVSS, 5.2 AI score, 0.00268 EPSS
Exploits: 0, References: 7

RedhatCVE
added 2026/06/05 7:10 p.m., 8 views

CVE-2026-8732

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv and protected only by a nonce check using the...

9.8 CVSS, 5.7 AI score, 0.00358 EPSS
Exploits: 7, References: 1

GithubExploit
added 2026/06/04 4:22 p.m., 65 views

Exploit for CVE-2026-8732

CVE-2026-8732 – WordPress WP Maps Pro Exploit Unauthenticat...

9.8 CVSS, 6 AI score, 0.00358 EPSS
Exploits: 7

ATTACKERKB
added 2026/05/29 5:32 a.m., 11 views

CVE-2026-8732

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv and protected only by a nonce check using the...

9.8 CVSS, 5.7 AI score, 0.00358 EPSS
Exploits: 7, References: 3

EUVD
added 2026/05/29 5:32 a.m., 13 views

EUVD-2026-33251

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv and protected only by a nonce check using the...

9.8 CVSS, 5.7 AI score, 0.00358 EPSS
Exploits: 7, References: 2

CVE
added 2026/05/29 5:32 a.m., 75 views

CVE-2026-8732

Summary of CVE-2026-8732: The WP Maps Pro WordPress plugin (≤ 6.1.0) is vulnerable to unauthenticated privilege escalation via Administrator Account Creation. The root cause is the wpgmp_temp_access_ajax action registered for both authenticated and unauthenticated requests, protected only by a p...

9.8 CVSS, 5.7 AI score, 0.00358 EPSS
In wild, Exploits: 7, References: 2

Patchstack
added 2026/02/15 10:35 p.m., 6 views

WordPress Magic Login Mail or QR Code plugin <= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage vulnerability

Unauthenticated Privilege Escalation via Insecure QR Code File Storage vulnerability discovered by ifoundbug in WordPress Plugin Magic Login Mail or QR Code versions <= 2.05...

8.1 CVSS, 5.6 AI score, 0.00466 EPSS
Exploits: 1, References: 1, Affected Software: 1

RedhatCVE
added 2026/02/15 7:10 a.m., 11 views

CVE-2026-2144

The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename QR_Code.png in the publicly accessible WordPress uploads...

8.1 CVSS, 5.7 AI score, 0.00466 EPSS
Exploits: 1, References: 1

CVE
added 2026/02/14 4:35 a.m., 14 views

CVE-2026-2144

Summary: The Magic Login Mail or QR Code plugin for WordPress (affected up to v2.05) stores the magic login QR code image as a predictable, static file (QR_Code.png) in the publicly accessible uploads dir during email sending. The file is deleted only after wp_mail() completes, creating a race co...

8.1 CVSS, 5.7 AI score, 0.00466 EPSS
Exploits: 1, References: 4

Cvelist
added 2026/02/14 4:35 a.m., 31 views

CVE-2026-2144 Magic Login Mail or QR Code <= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage

The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename QR_Code.png in the publicly accessible WordPress uploads...

8.1 CVSS, 0.00466 EPSS
Exploits: 1, References: 4

Vulnrichment
added 2026/02/14 4:35 a.m., 1 views

CVE-2026-2144 Magic Login Mail or QR Code <= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage

The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename QR_Code.png in the publicly accessible WordPress uploads...

8.1 CVSS, 5.7 AI score, 0.00466 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/02/14 12:0 a.m., 5 views

WordPress plugin Magic Login Mail or QR Code security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1 CVSS, 5.8 AI score, 0.00466 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2026/02/14 12:0 a.m., 5 views

PT-2026-8055

The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename QR_Code.png in the publicly accessible WordPress uploads...

8.1 CVSS, 5.7 AI score, 0.00466 EPSS
Exploits: 1, References: 4

CNNVD
added 2024/07/09 12:0 a.m., 4 views

Outline security vulnerability

Outline is an open source application from the US-based Outline project, used to provide the fastest wiki and knowledge base for growing teams. A security vulnerability exists in Outline v0.76.1 and earlier versions that allows an attacker to perform a session hijacking attack via user...

8.8 CVSS, 6.6 AI score, 0.00739 EPSS
Exploits: 1, References: 2

Patchstack
added 2023/07/18 12:0 a.m., 6 views

WordPress Magic Login API Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software: Magic Login API; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 6d2c95bc7776; Credits: Rafie Muhammad Patchstack; Required...

6.8 AI score, 0.00284 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2021/06/02 4:51 p.m., 2 views

DRUPAL-CONTRIB-2021-011

Open Social is a Drupal distribution for online communities. The included social_magic_login module doesn't sufficiently validate magic login URLs for user accounts. The lack of validation makes it possible for an adversary to forge valid login URLs and login to such an account. This vulnerabilit...

6.5 AI score
Exploits: 0, References: 1

OSV
added 2019/11/06 4:10 p.m., 3 views

DRUPAL-CONTRIB-2019-075

Open Social is a Drupal distribution for online communities. The included social_magic_login module doesn't sufficiently validate magic login URLs for user accounts that do not have a local password, but login via external systems. The lack of validation makes it possible for an adversary to forg...

6.3 AI score
Exploits: 0, References: 1