33455 matches found

Cvelist
added yesterday, 10 views

CVE-2026-49775 WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions...

6.5 CVSS
Exploits 0, References 1

Cvelist
added yesterday, 8 views

CVE-2026-49066 WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions...

7.5 CVSS
Exploits 0, References 1

CVE
added yesterday, 9 views

CVE-2026-49043

The CVE-2026-49043 entry concerns the WordPress WP Migrate Lite plugin, versions <= 2.7.8, with an unauthenticated Cross Site Request Forgery (CSRF) vulnerability. According to the connected data, the issue is attributed to CSRF within WP Migrate Lite (

4.7 CVSS, 5.2 AI score
Exploits 0, References 1

CVE
added yesterday, 10 views

CVE-2026-48964

CVE-2026-48964 affects the WordPress ELEX HelpDesk & Customer Ticketing System plugin (versions

8.5 CVSS, 5.7 AI score
Exploits 0, References 1

CVE
added yesterday, 10 views

CVE-2026-48874

The CVE documents an SQL Injection in WordPress GamiPress plugin versions

8.5 CVSS, 5.7 AI score
Exploits 0, References 1

CVE
added yesterday, 11 views

CVE-2026-42686

WordPress EventPrime plugin

7.1 CVSS, 5.1 AI score
Exploits 0, References 1

Cvelist
added yesterday, 8 views

CVE-2026-40788 WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerability

Subscriber Broken Access Control in ChatBot <= 7.9.7 versions...

7.1 CVSS
Exploits 0, References 1

CVE
added yesterday, 12 views

CVE-2026-9691

The WordPress plugin “Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms” (vendor: WordPress ecosystem; affected component: PHP object injection vulnerability) is vulnerable in versions

9.8 CVSS, 5.3 AI score
Exploits 0, References 1

CVE
added yesterday, 4 views

CVE-2025-15659

CVE-2025-15659 concerns the WordPress Elizaibots plugin (versions

6.5 CVSS, 5.2 AI score
Exploits 0, References 1

Cvelist
added yesterday, 19 views

CVE-2026-48969 WordPress Really Simple SSL plugin <= 9.5.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions...

6.5 CVSS
Exploits 0, References 1

Cvelist
added yesterday, 12 views

CVE-2016-20071 WordPress 404 Redirection Manager Plugin 1.0 SQL Injection

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8 CVSS
Exploits 0, References 3

Nuclei
added yesterday, 23 views

WordPress GTranslate <2.8.52 - Cross-Site Scripting

WordPress GTranslate plugin before 2.8.52 contains an unauthenticated reflected cross-site scripting vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option. id: CVE-2020-11930 info: name: WordPress GTranslate <2.8.52 -...

6.1 CVSS, 5.8 AI score, 0.04457 EPSS
Exploits 1, References 5

Nuclei
added yesterday, 57 views

GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.

Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. id: CVE-2021-43778 info: name: GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability. author:...

9.1 CVSS, 7.3 AI score, 0.52658 EPSS
Exploits 2, References 5

Nuclei
added yesterday, 16 views

WordPress Plugin Adning Advertising < 1.5.6 - Arbitrary File Upload

The Adning Advertising plugin for WordPress versions below 1.5.6 is vulnerable to arbitrary file upload, allowing attackers to upload malicious files to the server. id: CVE-2020-36728 info: name: WordPress Plugin Adning Advertising < 1.5.6 - Arbitrary File Upload author: iamnoooob,pdresearch...

9.8 CVSS, 8.5 AI score, 0.03159 EPSS
Exploits 1, References 4

Nuclei
added yesterday, 19 views

Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting

Wordpress EventON Calendar 3.0.5 is vulnerable to cross-site scripting because it allows addons/?q= XSS via the search field. id: CVE-2020-29395 info: name: Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting author: daffainfo severity: medium description: Wordpress EventON Calendar 3.0.5 is...

6.1 CVSS, 5.7 AI score, 0.11696 EPSS
Exploits 2, References 5

Nuclei
added yesterday, 63 views

Travelpayouts <= 1.1.16 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0337...

6.1 CVSS, 5.2 AI score, 0.00891 EPSS
Exploits 2, References 2

Nuclei
added yesterday, 21 views

WordPress Ninja Job Board < 1.3.3 - Direct Request

WordPress Ninja Job Board plugin prior to 1.3.3 is susceptible to a direct request vulnerability. The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing which allows the download of uploaded resumes. id: CVE-2022-2544...

7.5 CVSS, 7.3 AI score, 0.0298 EPSS
Exploits 2, References 5

Nuclei
added yesterday, 15 views

WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting

WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute. id: CVE-2022-2187 info: name: WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting...

6.1 CVSS, 5.8 AI score, 0.01242 EPSS
Exploits 2, References 5

Nuclei
added yesterday, 26 views

Unyson < 2.7.27 - Cross Site Scripting

The plugin does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters. id: CVE-2022-2219 info: name: Unyson < 2.7.27 - Cross Site Scripting author: r3Y3r53 severity: high description:...

7.2 CVSS, 7 AI score, 0.01369 EPSS
Exploits 2, References 3

Nuclei
added yesterday, 8 views

WordPress FastDup <= 2.1.9 Sensitive Information Exposure - Directory Listing

FastDup WordPress plugin 2.2 contains a directory listing vulnerability caused by lack of access restrictions in sensitive directories, letting attackers view export files, exploit requires no authentication. id: CVE-2023-6592 info: name: WordPress FastDup <= 2.1.9 Sensitive Information Exposure -...

5.3 CVSS, 6.7 AI score, 0.00913 EPSS
Exploits 1, References 4