CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21319 matches found

Cvelist•added 2026/05/07 7:34 a.m.•34 views

CVE-2026-25436 WordPress Royal Elementor Addons plugin < 1.7.1053 - Broken Access Control vulnerability

Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...

5.3CVSS0.00182EPSS

Exploits0References1

ATTACKERKB•added 2026/05/07 7:34 a.m.•4 views

CVE-2026-25436

5.3CVSS5.8AI score0.00182EPSS

Exploits0References2

Vulnrichment•added 2026/05/07 7:34 a.m.•4 views

CVE-2026-25436 WordPress Royal Elementor Addons plugin < 1.7.1053 - Broken Access Control vulnerability

5.3CVSS5.8AI score0.00182EPSS

Exploits0References1

NVD•added 2026/05/07 4:16 a.m.•10 views

CVE-2026-6214

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

6.5CVSS0.00329EPSS

Exploits0References6

Cvelist•added 2026/05/07 3:27 a.m.•32 views

CVE-2026-6214 Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook

6.5CVSS0.00329EPSS

Exploits0References6

ATTACKERKB•added 2026/05/07 3:27 a.m.•5 views

CVE-2026-6214

6.5CVSS5.7AI score0.00329EPSS

Exploits0References7

CVE•added 2026/05/07 3:27 a.m.•11 views

CVE-2026-6214

CVE-2026-6214 affects Forminator Forms for WordPress (≤ 1.53.0). The issue is in listen_for_saving_export_schedule() in library/class-export.php, which fails to perform a capability check before saving a scheduled export configuration, unlike listen_for_csv_export() that verifies permissions. Thi...

6.5CVSS5.7AI score0.00329EPSS

Exploits0References6

NVD•added 2026/05/07 3:16 a.m.•10 views

CVE-2026-4807

The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the noncepermissionscheck method combined with the public exposure of a site-wide reusable nonce. The plugin expose...

6.5CVSS0.0034EPSS

Exploits0References8

Cvelist•added 2026/05/07 2:58 a.m.•34 views

CVE-2026-41658 Admidio: Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio inventory module enforces authorization for destructive operations delete, retire, reinstate only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for...

6.5CVSS0.00227EPSS

Exploits0References2

Vulnrichment•added 2026/05/07 2:58 a.m.•4 views

CVE-2026-41658 Admidio: Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items

6.5CVSS5.7AI score0.00227EPSS

Exploits0References2

ATTACKERKB•added 2026/05/07 2:27 a.m.•8 views

CVE-2026-4807

6.5CVSS5.9AI score0.0034EPSS

Exploits0References9

Vulnrichment•added 2026/05/07 2:27 a.m.•5 views

CVE-2026-4807 Appointment Booking Calendar <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion

6.5CVSS5.9AI score0.0034EPSS

Exploits0References8

NVD•added 2026/05/07 2:16 a.m.•4 views

CVE-2026-6222

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS0.00325EPSS

Exploits0References8

Snyk•added 2026/05/07 1:58 a.m.•3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing authentication middleware in the smPolicyGroup route group, which allows unauthenticated requests to access sensitive endpoints. An attacker can gain unauthorized access to subscriber information,...

8.8CVSS5.8AI score0.00309EPSS

Exploits1References2

EUVD•added 2026/05/07 1:25 a.m.•4 views

EUVD-2026-28235

5.3CVSS5.9AI score0.00325EPSS

Exploits0References8

ATTACKERKB•added 2026/05/07 1:25 a.m.•3 views

CVE-2026-6222

5.3CVSS5.9AI score0.00325EPSS

Exploits0References9

Vulnrichment•added 2026/05/07 1:25 a.m.•5 views

CVE-2026-6222 Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter

5.3CVSS5.9AI score0.00325EPSS

Exploits0References8

CVE•added 2026/05/07 1:25 a.m.•20 views

CVE-2026-6222

CVE-2026-6222 affects the WordPress plugin Forminator Forms (versions

5.3CVSS5.9AI score0.00325EPSS

Exploits0References8

Cvelist•added 2026/05/07 1:25 a.m.•32 views

CVE-2026-6222 Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter

5.3CVSS0.00325EPSS

Exploits0References8

Positive Technologies•added 2026/05/07 12:0 a.m.•6 views

PT-2026-38339

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen for saving export schedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration...

6.5CVSS5.7AI score0.00329EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by