CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Patchstack•added 2026/05/04 2:6 p.m.•1 views

WordPress DX Sources plugin <= 2.0.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin DX Sources versions = 2.0.1...

4.3CVSS5.8AI score0.00014EPSS

Tenable Nessus•added 2026/05/04 12:0 a.m.•4 views

RHCOS 4 : OpenShift Container Platform 4.10.33 (RHSA-2022:6531)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6531 advisory. - jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin CVE-2022-34176 - jenkins-plugin: Arbitrary file write vulnerability...

7.5CVSS5.8AI score0.43618EPSS

Exploits0References5

Vulnrichment•added 2026/05/02 1:26 p.m.•1 views

CVE-2026-3504 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3CVSS5.8AI score0.00043EPSS

Exploits0References5

CVE•added 2026/05/02 7:46 a.m.•6 views

CVE-2026-6229

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to 1.7.1057. The root cause is insufficient validation of user-supplied URLs in render_csv_data(), which can be bypassed by including docs.google.com/spreadsheets in a query paramete...

7.2CVSS5.9AI score0.00023EPSS

Exploits0References10

Positive Technologies•added 2026/05/02 12:0 a.m.•1 views

PT-2026-36572

Name of the Vulnerable Software and Affected Versions Import and export users and customers plugin for WordPress versions prior to 2.0.9 Description An issue exists in the save extra user profile fields function where an incomplete blocklist fails to restrict capability meta keys for subsites in ...

8.8CVSS5.8AI score0.0003EPSS

Exploits0References20

Positive Technologies•added 2026/05/02 12:0 a.m.•2 views

PT-2026-36573

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...

7.2CVSS6AI score0.00021EPSS

Exploits0References3

CNNVD•added 2026/05/02 12:0 a.m.•3 views

WordPress plugin Geo Mashup SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5CVSS6AI score0.00018EPSS

Positive Technologies•added 2026/05/02 12:0 a.m.•0 views

PT-2026-36618

5.3CVSS5.8AI score0.00043EPSS

Exploits0References6

CNNVD•added 2026/05/02 12:0 a.m.•3 views

WordPress plugin Premium Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

5.4CVSS5.8AI score0.00034EPSS

CNNVD•added 2026/05/02 12:0 a.m.•5 views

WordPress plugin Maxi Blocks 跨站脚本漏洞

6.4CVSS5.8AI score0.00073EPSS

CNNVD•added 2026/05/02 12:0 a.m.•5 views

WordPress plugin User Verification by PickPlugins 安全漏洞

9.8CVSS5.8AI score0.0011EPSS

Exploits1References1

CNNVD•added 2026/05/02 12:0 a.m.•4 views

WordPress plugin Widgets for Social Photo Feed 信息泄露漏洞

6.5CVSS5.8AI score0.03335EPSS

Positive Technologies•added 2026/05/02 12:0 a.m.•1 views

PT-2026-36594

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS6AI score0.00174EPSS

Exploits0References9

Patchstack•added 2026/05/01 9:31 a.m.•1 views

WordPress Glossary plugin <= 2.2.38 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Glossary versions = 2.2.38...

Patchstack•added 2026/05/01 9:31 a.m.•3 views

WordPress HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin <= 2.2.27 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Html5 Audio Player versions = 2.2.27...

Patchstack•added 2026/05/01 9:16 a.m.•3 views

WordPress Share This Image plugin <= 2.07 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Share This Image versions = 2.07...

Patchstack•added 2026/05/01 9:15 a.m.•3 views

WordPress WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms plugin <= 1.7.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin CF7 WOW Styler versions = 1.7.0...

Patchstack•added 2026/05/01 9:14 a.m.•3 views

WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WPIDE – File Manager & Code Editor versions = 3.5.1...