121 matches found

Nuclei
added 16 hours ago, 5 views

ListingPro < 2.6.1 - Arbitrary Plugin Installation/Activation/Deactivation

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lpccaddonsactions function. This makes it possible for unauthenticated attacker...

CVSS 9.8, AI score 7.3, EPSS 0.743
Exploits: 1, References: 2

Cvelist
added 2 days ago, 30 views

CVE-2026-9050 Slider Revolution 6.0.0-6.7.55 and 7.0.0-7.0.14 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Deactivation

The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVSS 4.3, EPSS 0.00026
Exploits: 0, References: 2

Vulnrichment
added 2 days ago, 3 views

CVE-2026-9050 Slider Revolution 6.0.0-6.7.55 and 7.0.0-7.0.14 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Deactivation

The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5.8, EPSS 0.00026
Exploits: 0, References: 2

Positive Technologies
added 2 days ago, 5 views

PT-2026-45667

The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5.8, EPSS 0.00026
Exploits: 0, References: 3

Vulnrichment
added 2025/12/06 5:49 a.m., 2 views

CVE-2025-12091 Search, Filters & Merchandising for WooCommerce <= 3.0.67 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation

The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcis_save_email' endpoint in all versions up to, and including, 3.0.67. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5.8, EPSS 0.00039
Exploits: 0, References: 4

CVE
added 2025/12/06 5:49 a.m., 8 views

CVE-2025-12091

CVE-2025-12091 affects the WordPress plugin “Search, Filters & Merchandising for WooCommerce” (instantsearch-for-woocommerce). The root cause is a missing capability check on the wcis_save_email endpoint, allowing authenticated users with Subscriber-level access and higher to deactivate the plugi...

CVSS 4.3, AI score 5.9, EPSS 0.00039
Exploits: 0, References: 4

Cvelist
added 2025/12/06 5:49 a.m., 17 views

CVE-2025-12091 Search, Filters & Merchandising for WooCommerce <= 3.0.67 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation

The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcis_save_email' endpoint in all versions up to, and including, 3.0.67. This makes it possible for authenticated attackers, with...

CVSS 4.3, EPSS 0.00039
Exploits: 0, References: 4

Positive Technologies
added 2025/12/06 12:00 a.m., 2 views

PT-2025-49330

The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcis_save_email' endpoint in all versions up to, and including, 3.0.63. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5.1, EPSS 0.00039
Exploits: 0, References: 4

NVD
added 2025/11/11 4:15 a.m., 1 view

CVE-2025-11886

The CTL Arcade Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'ctlarcadelitepagemanagegames' page. This makes it possible for unauthenticated attackers to deactivate and...

CVSS 4.3, EPSS 0.00013
Exploits: 0, References: 2

Patchstack
added 2025/11/11 12:18 a.m., 3 views

WordPress CTL Arcade Lite plugin <= 1.0 - Cross-Site Request Forgery to Plugin Activation and Deactivation vulnerability

Cross-Site Request Forgery to Plugin Activation and Deactivation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin CTL Arcade Lite versions = 1.0...

CVSS 4.3, AI score 7, EPSS 0.00013
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/10/17 7:50 a.m., 3 views

CVE-2025-10849

The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...

CVSS 5.3, AI score 5.5, EPSS 0.00122
Exploits: 0, References: 1

Vulnrichment
added 2025/10/16 6:47 a.m., 1 view

CVE-2025-10849 Felan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions

The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...

CVSS 5.3, AI score 5.1, EPSS 0.00122
Exploits: 0, References: 2

Cvelist
added 2025/10/11 9:28 a.m., 6 views

CVE-2025-8606 GSheetConnector For Gravity Forms <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation

The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activateplugin and deactivateplugin functions. This makes it possible for attackers to tri...

CVSS 2.4, EPSS 0.00016
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2012-2389

Malware in sbrugna...

CVSS 5.5, AI score 6, EPSS 0.01272
Exploits: 0, References: 12

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-11818

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.01891
Exploits: 2, References: 2

CVE
added 2025/10/04 2:24 a.m., 11 views

CVE-2025-10746

CVE-2025-10746 – Integrate Dynamics 365 CRM plugin (WordPress) affects all versions up to 1.0.9. Root cause: missing capability checks and nonce verification on functions hooked to init, enabling unauthenticated access. Impact (per sources): unauthenticated attackers can deactivate the plugin, ta...

CVSS 6.5, AI score 5.2, EPSS 0.00135
Exploits: 0, References: 4

Positive Technologies
added 2025/10/04 12:00 a.m., 2 views

PT-2025-40614

Name of the Vulnerable Software and Affected Versions: Integrate Dynamics 365 CRM plugin for WordPress versions through 1.0.9. Description: The Integrate Dynamics 365 CRM plugin for WordPress is susceptible to unauthorized access due to missing capability checks and nonce verification on functions...

CVSS 6.5, AI score 6.2, EPSS 0.00135
Exploits: 0, References: 7

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2022-51890

Malicious code in bioql PyPI...

CVSS 6.5, AI score 5.7, EPSS 0.00733
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-48047

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.00397
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-52014

Malicious code in bioql PyPI...

CVSS 6.5, AI score 7, EPSS 0.00394
Exploits: 1, References: 3