CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/14 8:24 a.m.•5 views

CVE-2026-6206 MW WP Form <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'post_id' Query Parameter

5.3CVSS5.8AI score0.00048EPSS

ATTACKERKB•added 2026/05/14 8:24 a.m.•3 views

CVE-2026-6206

5.3CVSS5.8AI score0.00048EPSS

Exploits0References4

CVE•added 2026/02/18 4:35 a.m.•13 views

CVE-2025-12074

CVE-2025-12074 affects Context Blog (WordPress theme) up to version 1.2.5, enabling unauthenticated information exposure through context_blog_modal_popup due to insufficient post-access restrictions. Impact is exposure of data from password-protected, private, or draft posts. Public advisories fr...

5.3CVSS5.6AI score0.00021EPSS

Exploits0References5

RedhatCVE•added 2026/02/04 1:20 p.m.•2 views

CVE-2026-0950

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check postpasswordrequired before rendering post excerpts in the renderexcerpt...

NVD•added 2026/02/03 6:15 a.m.•3 views

Exploits0References1

CVE-2026-0950

5.3CVSS0.00137EPSS

ATTACKERKB•added 2026/02/03 5:30 a.m.•3 views

CVE-2026-0950

Vulnrichment•added 2026/02/03 5:30 a.m.•3 views

Exploits0References11

CVE-2026-0950 Spectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data

Cvelist•added 2026/02/03 5:30 a.m.•23 views

CVE-2026-0950 Spectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data

5.3CVSS0.00137EPSS

CVE•added 2026/02/03 5:30 a.m.•10 views

CVE-2026-0950

The CVE-2026-0950 affects the Spectra Gutenberg Blocks – Website Builder for the Block Editor WordPress plugin. All versions up to 2.19.17 are reported vulnerable to Information Disclosure due to failing to check post_password_required() before rendering post excerpts in render_excerpt() and in u...

EUVD•added 2026/02/03 5:30 a.m.•5 views

EUVD-2026-5268

RedhatCVE•added 2026/01/26 3:12 a.m.•3 views

CVE-2025-6461

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS5.6AI score0.00068EPSS

Exploits0References1

CVE•added 2026/01/25 2:22 a.m.•8 views

CVE-2025-6461

CVE-2025-6461 affects the CubeWP Framework (WordPress) and is due to Information Exposure via the search functionality in class-cubewp-search-ajax-hooks.php. It applies to all versions up to and including 1.1.27, enabling unauthenticated attackers to retrieve data from password-protected, private...

4.3CVSS5.6AI score0.00068EPSS

Exploits0References2

Vulnrichment•added 2026/01/25 2:22 a.m.•2 views

CVE-2025-6461 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php

4.3CVSS5.9AI score0.00068EPSS

Exploits0References2

EUVD•added 2026/01/17 7:27 a.m.•3 views

EUVD-2026-3147

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS5.7AI score0.00069EPSS

ATTACKERKB•added 2026/01/17 7:27 a.m.•2 views

CVE-2025-12129

5.3CVSS5.5AI score0.00069EPSS