CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

54 matches found

RedhatCVE•added 2026/04/13 7:24 p.m.•2 views

CVE-2026-4401

The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the actionshandler and bulkactionshandler methods in class-dlm-downloads-path.php in all versions up to, and including, 5.1.10. This is due to missing nonce verification on these functions. This makes it...

5.4CVSS5.6AI score0.00161EPSS

Exploits0References1

Cvelist•added 2026/03/31 11:29 a.m.•25 views

CVE-2026-4267 Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS0.00302EPSS

Exploits0References5

ATTACKERKB•added 2026/03/31 6:0 a.m.•2 views

CVE-2026-3881

The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks...

5.9AI score0.00259EPSS

Exploits0References1

CVE•added 2026/03/31 6:0 a.m.•11 views

CVE-2026-3881

The Vulnerability: WordPress Performance Monitor plugin versions

5.8CVSS5.9AI score0.00259EPSS

Exploits0References1

Positive Technologies•added 2026/03/31 12:0 a.m.•6 views

PT-2026-29198

The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks...

5.9AI score0.00259EPSS

Exploits0References2

Positive Technologies•added 2026/03/30 12:0 a.m.•7 views

PT-2026-28427

Name of the Vulnerable Software and Affected Versions Download Monitor plugin for WordPress versions prior to 5.1.8 Description The software contains an Insecure Direct Object Reference issue in the executePayment function. Missing validation on a user-controlled key allows unauthenticated...

7.5CVSS6AI score0.00269EPSS

Exploits0References4

OSV•added 2026/03/19 7:37 p.m.•3 views

GHSA-2XR4-CHCF-VMVF The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI

Impact The Query Monitor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'REQUESTURI' parameter in all versions up to, and including, 3.20.3 due to insufficient output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

6.1CVSS5.9AI score0.00302EPSS

Exploits0References2

Github Security Blog•added 2026/03/19 7:37 p.m.•7 views

The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI

7.2CVSS5.9AI score0.00302EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/01/08 12:0 a.m.•3 views

WordPress plugin Campaign Monitor for WordPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

4.3CVSS6.4AI score0.00202EPSS

Exploits0References1