CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/29 4:17 a.m.•12 views

CVE-2026-8995

4.3CVSS0.00283EPSS

Exploits0References9

ATTACKERKB•added 2026/05/29 2:27 a.m.•13 views

CVE-2026-8995

4.3CVSS5.8AI score0.00283EPSS

Exploits0References10

Vulnrichment•added 2026/05/29 2:27 a.m.•10 views

CVE-2026-8995 Poll Maker by AYS <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action

4.3CVSS5.8AI score0.00283EPSS

Exploits0References9

Positive Technologies•added 2026/05/29 12:0 a.m.•11 views

PT-2026-44746

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ays poll get user information' AJAX action, which serializes and returns the...

4.3CVSS5.7AI score0.00283EPSS

Exploits0References10

Vulnrichment•added 2026/05/23 6:30 p.m.•8 views

CVE-2018-25346 WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...

7.1CVSS5.9AI score0.00197EPSS

Cvelist•added 2026/05/23 6:30 p.m.•13 views

CVE-2018-25346 WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php

7.1CVSS0.00197EPSS

CVE•added 2026/05/23 6:30 p.m.•35 views

CVE-2018-25346

WordPress Form Maker Plugin ≤ 1.12.24 contains SQL injection via admin-ajax.php (FormMakerSQLMapping, generete_csv). Authenticated attackers can send POST payloads in name/search_labels to manipulate queries, potentially extracting/modifying data or escalating privileges in the WordPress database...

7.1CVSS5.9AI score0.00197EPSS

ATTACKERKB•added 2026/05/23 6:30 p.m.•7 views

CVE-2018-25346

7.1CVSS5.9AI score0.00197EPSS

CNNVD•added 2026/05/23 12:0 a.m.•6 views

WordPress plugin Form Maker SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.1CVSS6AI score0.00197EPSS

RedhatCVE•added 2026/05/04 8:21 p.m.•7 views

CVE-2026-6817

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ratereason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

VulnCheck KEV•added 2026/05/04 12:0 a.m.•14 views

VulnCheck KEV: CVE-2024-6028

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'aysquestions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS5.9AI score0.11755EPSS

In wildExploits0References2

ATTACKERKB•added 2026/05/02 11:16 a.m.•4 views

CVE-2026-6817

Vulnrichment•added 2026/05/02 11:16 a.m.•4 views

Exploits0References3

CVE-2026-6817 Quiz Maker by AYS <= 6.7.1.29 - Unauthenticated Stored Cross-Site Scripting via 'rate_reason'

Positive Technologies•added 2026/05/02 12:0 a.m.•11 views

PT-2026-36612

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

NVD•added 2026/04/14 3:16 a.m.•4 views

Exploits0References3

CVE-2026-4388

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...

7.2CVSS0.00241EPSS

Exploits0References5

NVD•added 2026/04/13 7:16 a.m.•2 views

CVE-2025-15441

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

6.8CVSS0.00272EPSS

CVE•added 2026/03/13 11:41 a.m.•8 views

CVE-2026-32342

CVE-2026-32342 is a CSRF vulnerability affecting the WordPress Quiz Maker plugin (Ays Pro Quiz Maker) up to version 6.7.1.2. Multiple connected sources (Red Hat, ENISA EUVD, NVD, CVE List, Attackers KB, CVE listing) corroborate the issue. The NVD metric shows CVSS v3.1 base score 4.3 (Medium), wi...

4.3CVSS5.8AI score0.00107EPSS

Cvelist•added 2026/03/13 11:41 a.m.•29 views

CVE-2026-32342 WordPress Quiz Maker plugin <= 6.7.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through = 6.7.1.2...

4.3CVSS0.00107EPSS