CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Patchstack•added 2026/01/22 11:17 a.m.•5 views

WordPress Final User plugin <= 1.2.5 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Final User versions = 1.2.5...

8.8CVSS5.4AI score0.00278EPSS

Patchstack•added 2026/01/22 7:15 a.m.•1 views

WordPress Hotel Listing plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Hotel Listing versions = 1.4.2...

7.6CVSS5.4AI score0.00325EPSS

Patchstack•added 2026/01/22 6:53 a.m.•3 views

WordPress Hospital Doctor Directory plugin <= 1.3.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Hospital Doctor Directory versions = 1.3.9...

8.8CVSS5.4AI score0.00378EPSS

CVE•added 2026/01/22 6:47 a.m.•39 views

CVE-2026-0920

CVE-2026-0920 affects the WordPress plugin “LA-Studio Element Kit for Elementor” (≤ 1.5.6.3). The root cause is a missing role restriction in the AJAX registration handler (ajax_register_handle), which lets unauthenticated users supply the lakit_bkrole parameter and create an administrator accoun...

9.8CVSS5.5AI score0.01078EPSS

In wildExploits4References3

Patchstack•added 2026/01/22 5:57 a.m.•4 views

WordPress Lawyer Directory plugin <= 1.3.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Lawyer Directory versions = 1.3.4...

7.3CVSS5.4AI score0.00288EPSS

NVD•added 2026/01/22 12:15 a.m.•5 views

CVE-2026-1036

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00219EPSS

Exploits0References2

CNNVD•added 2026/01/22 12:0 a.m.•4 views

WordPress plugin Kids Heaven: Code-related vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

8.8CVSS5.9AI score0.00503EPSS

5.9CVSS5.7AI score0.00252EPSS

WordPress plugin stackable-ultimate-gutenberg-blocks has a cross-site scripting vulnerability

CNNVD•added 2026/01/22 12:0 a.m.•5 views

WordPress plugin magic_slider has a cross-site scripting vulnerability

7.1CVSS5.7AI score0.00237EPSS

CNNVD•added 2026/01/22 12:0 a.m.•5 views

WordPress plugin Energia has a code vulnerability

10CVSS5.9AI score0.00507EPSS

8.8CVSS5.8AI score0.00405EPSS

WordPress plugin xSmart has a security vulnerability

CNNVD•added 2026/01/22 12:0 a.m.•2 views

WordPress plugin: WordPress Photo Gallery – Cross-site scripting vulnerability

7.1CVSS5.7AI score0.00263EPSS

5.4CVSS5.8AI score0.00245EPSS

WordPress plugin Carter for Elementor has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

7.6CVSS5.8AI score0.00325EPSS

WordPress plugin Hospital Doctor Directory has a security vulnerability

5.3CVSS5.9AI score0.00233EPSS

WordPress plugin FluentForm has a code injection vulnerability