CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 12 hours ago•2 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.9AI score

Positive Technologies•added 13 hours ago•6 views

PT-2026-46111

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links...

7.5CVSS5.9AI score

WPVulnDB•added 3 days ago•5 views

DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.4.28 - Missing Authorization

Description The DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.4.28. This makes it possible for authenticated attackers, with contributor-leve...

4.3CVSS5.8AI score0.00028EPSS

Exploits0References1

NVD•added 6 days ago•5 views

CVE-2025-12714

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the updatesiteeditorhomepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00057EPSS

Exploits0References6

ATTACKERKB•added 6 days ago•5 views

CVE-2025-12714

5.3CVSS5.8AI score0.00057EPSS

Exploits0References7

Cvelist•added 6 days ago•25 views

CVE-2025-12714 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification

5.3CVSS0.00057EPSS

Exploits0References6

EUVD•added 6 days ago•5 views

EUVD-2025-209984

5.3CVSS5.8AI score0.00057EPSS

Exploits0References6

Vulnrichment•added 2026/05/27 11:26 p.m.•4 views

CVE-2026-4888 Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...

4.3CVSS5.9AI score0.0001EPSS

Exploits0References2

ATTACKERKB•added 2026/05/27 11:26 p.m.•9 views

CVE-2026-4888

4.3CVSS5.9AI score0.0001EPSS

NVD•added 2026/05/27 8:16 a.m.•10 views

CVE-2026-3279

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgradejqueryversion function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

6.5CVSS0.00032EPSS

NVD•added 2026/05/27 7:16 a.m.•8 views

CVE-2026-9014

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetstats function in versions up to, and including, 1.3. The function is hooked to both the wpajaxwpp-resetstats and wpajaxnoprivwpp-resetstats actions and contains n...

5.3CVSS0.0007EPSS

Cvelist•added 2026/05/27 6:46 a.m.•45 views

CVE-2026-3279 Enable jQuery Migrate Helper <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade

6.5CVSS0.00032EPSS

Vulnrichment•added 2026/05/27 6:46 a.m.•4 views

CVE-2026-3279 Enable jQuery Migrate Helper <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade

6.5CVSS5.8AI score0.00032EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-43539

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset stats function in versions up to, and including, 1.3. The function is hooked to both the wp ajax wpp-reset stats and wp ajax nopriv wpp-reset stats actions and...

5.3CVSS5.8AI score0.0007EPSS

Exploits0References4

RedhatCVE•added 2026/05/26 8:14 p.m.•9 views

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

EUVD•added 2026/05/23 4:27 a.m.•8 views

Exploits0References1

EUVD-2026-31525

ATTACKERKB•added 2026/05/23 4:27 a.m.•9 views

Exploits0References2

CVE-2026-6897

EUVD•added 2026/05/23 4:27 a.m.•9 views

EUVD-2026-31523

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3Hooks::generateapikey' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...