CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

EUVD•added 2026/04/11 1:24 a.m.•0 views

EUVD-2026-21658

The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...

8.8CVSS5.6AI score0.00027EPSS

Exploits0References8

Cvelist•added 2026/04/11 1:24 a.m.•26 views

CVE-2026-5144 BuddyPress Groupblog <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR

8.8CVSS0.00027EPSS

Exploits0References8

Positive Technologies•added 2026/04/11 12:0 a.m.•1 views

PT-2026-32089

8.8CVSS5.6AI score0.00027EPSS

Exploits0References9

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-12725

Malware in sbrugna...

7.2CVSS7AI score0.01631EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-20524

Malware in sbrugna...

7.5CVSS7.6AI score0.01258EPSS

Exploits0References8

Positive Technologies•added 2024/06/13 12:0 a.m.•1 views

PT-2024-29406 · WordPress · Search & Replace

Name of the Vulnerable Software and Affected Versions: Search & Replace WordPress plugin versions prior to 3.2.2 Description: The issue allows admins to perform SQL injection attacks due to a parameter not being sanitized and escaped before use in a SQL statement. This can be particularly...

7.2CVSS7.7AI score0.00493EPSS

Exploits2References5

OSV•added 2020/11/02 9:15 p.m.•2 views

DEBIAN-CVE-2020-28033

WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...

7.5CVSS7.6AI score0.01258EPSS

Exploits0References1

UbuntuCve•added 2020/11/02 12:0 a.m.•23 views

CVE-2020-28033

WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...

7.5CVSS7.1AI score0.01258EPSS

Exploits0References2

OSV•added 2018/12/14 10:29 p.m.•1 views

CVE-2018-20156

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network...

7.2CVSS6.1AI score

Exploits0References1

NVD•added 2018/12/14 10:29 p.m.•7 views

CVE-2018-20156

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network...

7.2CVSS7.2AI score0.01631EPSS

Exploits0References1

Cvelist•added 2018/12/14 10:0 p.m.•10 views

CVE-2018-20156

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network...

7.2AI score0.01631EPSS

Exploits0References1

ThreatPost•added 2014/02/19 2:27 p.m.•6 views

DuoSecurity Finds Two-Factor Authentication Vulnerability

Hosted two-factor authentication firm Duo Security acknowledged late last week that it discovered a vulnerability in its WordPress plugin duowordpress plugin that could allow a user to bypass two-factor authentication 2FA on a multisite network. Jon Oberheide, one of Duo’s founders, stressed last...

0.4AI score

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by