CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

1726 matches found

Patchstack•added yesterday•5 views

WordPress Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Meher Sudhakar Abbireddi in WordPress Plugin Orbit Fox by ThemeIsle versions = 3.0.6...

4.4CVSS5.2AI score

Exploits0References1Affected Software1

CVE•added yesterday•11 views

CVE-2026-54196

Technical details are not publicly provided in the supplied documents. Monitor for updates on affected versions, impact, and fixes.

6.8CVSS5.2AI score

Exploits0References1

Nuclei•added yesterday•8 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS8.1AI score0.00561EPSS

Exploits1References2

Nuclei•added yesterday•5 views

Export WP Page to Static HTML <= 4.3.4 - Cookie Exposure

Export WP Page to Static HTML & PDF WordPress plugin = 4.3.4 contains a sensitive information exposure caused by publicly exposed cookies.txt files with authentication cookies, letting unauthenticated attackers access sensitive authentication data, exploit requires site administrator to trigger...

9.8CVSS5.1AI score0.01954EPSS

Exploits0References2

Nuclei•added yesterday•15 views

WordPress Themify Builder < 7.5.8 - Open Redirect

The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...

6.1CVSS5.2AI score0.00823EPSS

Exploits2References2

CVE•added 3 days ago•13 views

CVE-2026-52692

Affected software: WordPress Affiliates Manager plugin (WordPress)

7.5CVSS5.2AI score0.00245EPSS

Exploits0References1

Cvelist•added 3 days ago•24 views

CVE-2026-49763 WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...

9.8CVSS0.00383EPSS

Exploits0References1

CVE•added 3 days ago•10 views

CVE-2026-49070

CVE-2026-49070 affects the WordPress Knit Pay plugin (versions

7.5CVSS5.1AI score0.00246EPSS

Exploits0References1

Cvelist•added 3 days ago•23 views

CVE-2026-49068 WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Coupon Affiliates = 7.8.1 versions...

7.5CVSS0.00398EPSS

Exploits0References1

Cvelist•added 3 days ago•24 views

CVE-2026-48889 WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Amelia = 2.3 versions...

8.8CVSS0.00378EPSS

Exploits0References1

Cvelist•added 3 days ago•24 views

CVE-2026-48880 WordPress WP Job Portal plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in WP Job Portal = 2.5.2 versions...

6.5CVSS0.00205EPSS

Exploits0References1

CVE•added 3 days ago•23 views

CVE-2026-48871

The MW WP Form WordPress plugin, versions ≤ 5.1.3, has an unauthenticated Cross Site Scripting (XSS) vulnerability. The provided documents do not specify the exact vulnerable component, root cause, exploit details, or a remediation version. Exploitation status is not described. Monitor Patchstack...

7.1CVSS5.1AI score0.00244EPSS

Exploits0References1

Cvelist•added 3 days ago•23 views

CVE-2026-42752 WordPress Stripe Payments plugin <= 2.0.98 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

6.5CVSS0.00222EPSS

Exploits0References1

Cvelist•added 3 days ago•23 views

CVE-2026-42687 WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...

8.1CVSS0.00317EPSS

Exploits0References1

Cvelist•added 3 days ago•22 views

CVE-2026-42666 WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...

7.5CVSS0.00278EPSS

Exploits0References1

CVE•added 3 days ago•5 views

CVE-2026-42657

CVE-2026-42657 affects the WordPress plugin Contest Gallery (versions ≤ 28.1.7). The entry describes an Unauthenticated Other Vulnerability Type vulnerability in these versions. The available data assign a CVSS v3.1 base score of 5.3 (Medium) with attack vector Network , no required privileges, a...

5.3CVSS5.2AI score0.00219EPSS

Exploits0References1

Cvelist•added 3 days ago•22 views

CVE-2026-42381 WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in Funnel Builder by FunnelKit = 3.15.0.1 versions...

9.3CVSS0.00283EPSS

Exploits0References1

CVE•added 3 days ago•8 views

CVE-2026-40799

CVE-2026-40799 affects the WordPress plugin Simple Cloudflare Turnstile (versions

5.3CVSS5.2AI score0.00309EPSS

Exploits0References1

CVE•added 3 days ago•14 views

CVE-2026-40798

WPForo Forum plugin for WordPress <= 3.0.4 is affected by an unauthenticated SQL injection vulnerability. The CVE entry cites unauthenticated SQL Injection in wpForo Forum <= 3.0.4, with CVSSv3.1 base score 9.3 (CRITICAL) and impact TIC: Confidentiality High, Availability Low, no privileges...

9.3CVSS5.7AI score0.00283EPSS

Exploits0References1

CVE•added 3 days ago•11 views

CVE-2026-40781

CVE-2026-40781 affects the WordPress ReviewX plugin ≤ 2.3.6. Root cause: unauthenticated broken authentication vulnerability leading to high-severity impact (CVSSv3.1 base score 7.5; Network attack vector, no user interaction, no privileges required; integrity impact HIGH). Affected software is t...

7.5CVSS5.2AI score0.00294EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by