CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8650 matches found

RedhatCVE•added 2026/04/01 5:3 p.m.•2 views

CVE-2026-3191

The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minifyhtmlmenuoptions' function. This makes it possible for unauthenticated attackers to update plugin settin...

5.4CVSS5.8AI score0.00007EPSS

Exploits0References1

EUVD•added 2026/04/01 12:31 a.m.•3 views

EUVD-2026-17727

The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the sort parameter in the payments listing endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied sort parameter and lack of...

6.5CVSS6AI score0.00015EPSS

Exploits0References6

ATTACKERKB•added 2026/03/31 11:25 p.m.•1 views

CVE-2026-4668

6.5CVSS6AI score0.00015EPSS

Exploits0References6

EUVD•added 2026/03/31 12:31 p.m.•1 views

EUVD-2026-17367

5.4CVSS5.8AI score0.00007EPSS

Exploits0References4

NVD•added 2026/03/31 12:16 p.m.•2 views

CVE-2026-3191

5.4CVSS0.00007EPSS

Exploits0References3

CVE•added 2026/03/31 11:18 a.m.•4 views

CVE-2026-3191

The CVE-2026-3191 entry describes a CSRF vulnerability in the WordPress Minify HTML plugin up to version 2.1.12, caused by missing or incorrect nonce validation in minify_html_menu_options. This allows unauthenticated attackers to update plugin settings via forged requests if a site administrator...

5.4CVSS5.8AI score0.00007EPSS

Exploits0References3

ATTACKERKB•added 2026/03/31 11:18 a.m.•0 views

CVE-2026-3191

5.4CVSS5.8AI score0.00007EPSS

Exploits0References4

Vulnrichment•added 2026/03/31 11:18 a.m.•0 views

CVE-2026-3191 Minify HTML <= 2.1.12 - Cross-Site Request Forgery to Plugin Settings Update

5.4CVSS5.8AI score0.00007EPSS

Exploits0References3

Cvelist•added 2026/03/31 11:18 a.m.•24 views

CVE-2026-3191 Minify HTML <= 2.1.12 - Cross-Site Request Forgery to Plugin Settings Update

5.4CVSS0.00007EPSS

Exploits0References3

NVD•added 2026/03/31 6:16 a.m.•3 views

CVE-2026-1877

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

6.1CVSS0.00056EPSS

Exploits0References3

Vulnrichment•added 2026/03/31 5:28 a.m.•2 views

CVE-2026-1877 Auto Post Scheduler <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page

6.1CVSS5.8AI score0.00056EPSS

Exploits0References3

Positive Technologies•added 2026/03/31 12:0 a.m.•6 views

PT-2026-29196

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'aps options page' function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS5.8AI score0.00056EPSS

Exploits0References4

Positive Technologies•added 2026/03/31 12:0 a.m.•3 views

PT-2026-29225

The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minify html menu options' function. This makes it possible for unauthenticated attackers to update plugin...

5.4CVSS5.8AI score0.00007EPSS

Exploits0References4

Anthropic•added 2026/03/29 8:42 p.m.•9 views

ANT-2026-SB4PHA43 · wolfSSL · Cryptographic Nonce Reuse

crypto-failure high CVE-2026-5446 Severity Claude high · Security research firm high · Maintainer - Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Calif. ANT-2026-SB4PHA43: ARIA-GCM Nonce Reuse in TLS 1.2 Record...

7.1CVSS5.8AI score0.00037EPSS

Exploits0

EUVD•added 2026/03/28 6:30 a.m.•2 views

EUVD-2025-209110

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

6AI score0.00019EPSS

Exploits0References2

NVD•added 2026/03/28 6:16 a.m.•2 views

CVE-2025-15445

5.4CVSS0.00019EPSS

Exploits0References1

Positive Technologies•added 2026/03/28 12:0 a.m.•4 views

PT-2026-28275

5.4CVSS6AI score0.00019EPSS

Exploits0References4

RedhatCVE•added 2026/03/27 4:59 a.m.•2 views

CVE-2026-4331

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags function only verifying that the user has the 'read' capability and a valid b2ssecuritynonce, both o...

4.3CVSS5.8AI score0.00061EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:12 p.m.•1 views

CVE-2026-3567

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the...

5.3CVSS5.9AI score0.0005EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:12 p.m.•3 views

CVE-2026-3550

The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17. This is due to missing capability checks on multiple AJAX actions rockpressimport, rockpressimportstatus, rockpresslastimport, rockpressresetimport, and rockpresscheckservices...

5.3CVSS5.8AI score0.00022EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by