CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15726 matches found

Cvelist•added 2026/01/23 2:28 p.m.•28 views

CVE-2026-24544 WordPress HD Quiz plugin <= 2.0.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through = 2.0.9...

4.3CVSS0.00046EPSS

Exploits0References1

CVE•added 2026/01/23 2:28 p.m.•14 views

CVE-2026-24548

Summary: CVE-2026-24548 is a Server-Side Request Forgery (SSRF) vulnerability in the WordPress plugin “Radio Player” (radio-player) affecting versions up to and including 2.0.91. The issue is publicly documented by multiple sources (Wordfence vulnerability report and CVE/NVD entries). Impact is l...

5.4CVSS5.9AI score0.00049EPSS

Exploits0References1

Patchstack•added 2026/01/23 7:57 a.m.•4 views

WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'lwcontentblock' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP DSGVO Tools GDPR versions = 3.1.36...

6.4CVSS5.4AI score0.00016EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/01/23 5:29 a.m.•30 views

CVE-2025-14745 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on...

6.4CVSS0.00016EPSS

Exploits0References3

CNNVD•added 2026/01/23 12:0 a.m.•1 views

WordPress plugin Easy Modal has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.8AI score0.00064EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•1 views

WordPress plugin Textmetrics has a security vulnerability

4.3CVSS5.9AI score0.00052EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•1 views

WordPress plugin Tablesome has a security vulnerability

4.3CVSS5.8AI score0.00014EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•2 views

WordPress plugin LifePress has a security vulnerability

4.3CVSS5.8AI score0.00048EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•2 views

WordPress plugin Media Library File Size security vulnerability

4.3CVSS5.8AI score0.00048EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•1 views

WordPress plugin Hyyan WooCommerce Polylang Integration has a security vulnerability

6.5CVSS5.8AI score0.00051EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•5 views

WordPress plugin All-in-One Video Gallery has a security vulnerability

6.5CVSS5.8AI score0.00058EPSS

Exploits0References6

Positive Technologies•added 2026/01/23 12:0 a.m.•2 views

PT-2026-4354

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw content block' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00016EPSS

Exploits0References4

Positive Technologies•added 2026/01/23 12:0 a.m.•5 views

PT-2026-4371

Name of the Vulnerable Software and Affected Versions Kama Thumbnail versions through 3.5.1 Description A Cross-Site Request Forgery CSRF issue exists in Kama Thumbnail. This allows an attacker to potentially perform actions on behalf of an authenticated user without their knowledge...

5.3AI score0.00008EPSS

Exploits0References3

CNNVD•added 2026/01/23 12:0 a.m.•1 views

WordPress plugin WP DSGVO Tools (GDPR) cross-site scripting vulnerability

6.4CVSS5.7AI score0.00016EPSS

Exploits0References4

CNNVD•added 2026/01/23 12:0 a.m.•1 views

WordPress plugin Ryviu has a security vulnerability

5.3CVSS5.8AI score0.00015EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•2 views

WordPress plugin Monetag Official Plugin has a security vulnerability

5.4CVSS5.8AI score0.00069EPSS

Exploits0References1

GithubExploit•added 2026/01/22 7:58 p.m.•135 views

Exploit for CVE-2026-0594

CVE-2026-0594-ListSiteContributors-Plugin-Exploit 🛡️ Descr...

6.1CVSS5.6AI score0.01666EPSS

Exploits1

GithubExploit•added 2026/01/22 6:57 p.m.•132 views

Exploit for CVE-2024-51791

CVE-2024-51791 / 0-Click RCE Exploit - Author: Joshua Provost...

10CVSS6.1AI score0.01021EPSS

Exploits1

RedhatCVE•added 2026/01/22 5:34 p.m.•4 views

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

6.5CVSS5.7AI score0.00103EPSS

Exploits1References1

CVE•added 2026/01/22 4:52 p.m.•5 views

CVE-2026-24383

CVE-2026-24383 concerns the WordPress plugin B Slider (b-slider) with versions up to and including 2.0.6, which is affected by a DOM-based Cross-Site Scripting (XSS) in input handling during web page generation. The vulnerability is classified as medium severity (CVSSv3.1: AV:N/AC:L/PR:L/UI:R/S:C...

6.5CVSS5.4AI score0.00064EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by