CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/03/05 5:53 a.m.•0 views

CVE-2026-23802 WordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files.This issue affects AI Engine: from n/a through = 3.3.2...

9.1CVSS5.8AI score0.00059EPSS

Vulnrichment•added 2026/03/05 5:53 a.m.•0 views

CVE-2025-69338 WordPress Riode Core plugin <= 1.6.26 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in don-themes Riode Core riode-core allows Blind SQL Injection.This issue affects Riode Core: from n/a through = 1.6.26...

6AI score0.00045EPSS

WordPress plugin Dr.Patterson 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress plugin smart SEO 安全漏洞

9.1CVSS5.8AI score0.00108EPSS

WordPress plugin Login with Salesforce 安全漏洞

WordPress plugin Coleo 安全漏洞

WordPress plugin Wanderland 安全漏洞

8.8CVSS5.8AI score0.00055EPSS

WordPress plugin WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation 安全漏洞

Exploits0References3

CNNVD•added 2026/03/05 12:0 a.m.•4 views

WordPress plugin Site Suggest 安全漏洞

6.5CVSS5.8AI score0.00056EPSS

7.1CVSS5.6AI score0.00045EPSS

WordPress plugin UberSlider PerpetuumMobile 安全漏洞

WordPress plugin Motorix 安全漏洞

8.5CVSS6.1AI score0.00071EPSS

WordPress plugin JetEngine 安全漏洞

8.8CVSS5.9AI score0.00071EPSS

WordPress plugin NextScripts 代码问题漏洞

Cvelist•added 2026/03/04 9:24 a.m.•350 views

CVE-2023-7337 JS Help Desk – AI-Powered Support & Ticketing System 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied...

7.5CVSS0.26435EPSS

Exploits0References2

ATTACKERKB•added 2026/03/04 8:23 a.m.•1 views

CVE-2026-1236

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS6AI score0.00045EPSS

Exploits0References5

Patchstack•added 2026/03/02 11:24 p.m.•4 views

WordPress Blocksy plugin <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via blocksymeta Fields vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Theme Blocksy versions = 2.1.30...

6.4CVSS5.9AI score0.00043EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/02/28 12:0 a.m.•3 views

PT-2026-22465

Name of the Vulnerable Software and Affected Versions Tutor LMS versions prior to 3.9.7 Description The Tutor LMS plugin for WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the coupon code parameter is not properly sanitized,...

7.5CVSS6AI score0.00096EPSS

Exploits1References9

RedhatCVE•added 2026/02/27 10:14 a.m.•3 views

CVE-2026-28136

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection.This issue affects WP SMS: from n/a through = 6.9.12...

7.6CVSS6AI score0.00041EPSS