CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/05 12:0 a.m.•5 views

WordPress plugin DX Sources 跨站请求伪造漏洞

4.3CVSS5.7AI score0.00015EPSS

Positive Technologies•added 2026/05/05 12:0 a.m.•4 views

PT-2026-36960

Name of the Vulnerable Software and Affected Versions Publish 2 Ping.fm plugin for WordPress versions prior to 1.2 Description Cross-Site Request Forgery occurs due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This allows unauthenticated...

6.1CVSS5.8AI score0.00017EPSS

Exploits0References13

RedhatCVE•added 2026/05/04 8:21 p.m.•5 views

CVE-2026-4650

The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the donateactionstatus AJAX handler, which is registered to be accessible to unauthenticated users vi...

5.3CVSS5.9AI score0.00042EPSS

RedhatCVE•added 2026/05/04 8:21 p.m.•5 views

CVE-2026-4024

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...

RedhatCVE•added 2026/05/04 8:21 p.m.•4 views

CVE-2026-5324

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

VulnCheck KEV•added 2026/05/04 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...

6.5CVSS6.7AI score0.01358EPSS

In wildExploits3References2

GithubExploit•added 2026/05/03 9:47 p.m.•71 views

Exploit for CVE-2026-40776

CVE-2026-40776 — Eventin wp-event-solution Broken Access Con...

5.8AI score

Exploits2

NVD•added 2026/05/02 9:16 a.m.•3 views

CVE-2026-4024

5.3CVSS0.00027EPSS

NVD•added 2026/05/02 9:16 a.m.•2 views

CVE-2026-5324

7.2CVSS0.00174EPSS

Vulnrichment•added 2026/05/02 8:27 a.m.•2 views

CVE-2026-5324 Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value

Cvelist•added 2026/05/02 8:27 a.m.•26 views

CVE-2026-5324 Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value

7.2CVSS0.00174EPSS

EUVD•added 2026/05/02 8:27 a.m.•4 views

EUVD-2026-26764

ATTACKERKB•added 2026/05/02 8:27 a.m.•1 views

CVE-2026-5324

CVE•added 2026/05/02 8:27 a.m.•6 views

Exploits0References9

CVE-2026-5324

The Brizy – Page Builder for WordPress is vulnerable to unauthenticated stored XSS in versions up to 2.8.11, due to missing nonce verification for unauthenticated submissions, improper handling of FileUpload fields when no file is uploaded, and html_entity_decode() reversing stored encoding in ad...

EUVD•added 2026/05/02 8:27 a.m.•2 views

EUVD-2026-26763

CVE•added 2026/05/02 8:27 a.m.•7 views

CVE-2026-4024

Technical details about CVE-2026-4024 are not provided in the connected documents. Public specifics (affected versions, impact, fixes) require additional sources; monitor for updates.

Vulnrichment•added 2026/05/02 8:27 a.m.•3 views

CVE-2026-4024 Royal Addons for Elementor <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification

Cvelist•added 2026/05/02 8:27 a.m.•27 views

CVE-2026-4024 Royal Addons for Elementor <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification

5.3CVSS0.00027EPSS