CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

224026 matches found

CVE•added 5 days ago•6 views

CVE-2026-39591

The CVE-2026-39591 entry concerns the WordPress WP-BusinessDirectory plugin up to version 4.0.0, where a Subscriber Arbitrary File Upload vulnerability is reported. Connected sources confirm the affected product and vulnerability class but do not provide exploit details or mitigation steps beyond...

9.9CVSS5.2AI score0.00465EPSS

Exploits0References1

CVE•added 5 days ago•4 views

CVE-2026-39583

The CVE-2026-39583 entry concerns WordPress plugin Datalogics Ecommerce Delivery (versions

9.8CVSS5.2AI score0.00357EPSS

Exploits0References1

CVE•added 5 days ago•7 views

CVE-2026-39584

CVE-2026-39584 documents a Broken Access Control vulnerability in the WordPress RepairBuddy plugin, affecting versions

6.5CVSS5.1AI score0.00326EPSS

Exploits0References1

CVE•added 5 days ago•8 views

CVE-2026-39579

CVE-2026-39579 affects the WordPress plugin B Blocks up to version 2.0.31 . The vulnerability is a privilege escalation in contributor level, with a high impact (CVE metrics: CVSS 3.1 base score 8.8, scope UNCHANGED, confidentiality/integrity/availability all HIGH). Affected component is the plug...

8.8CVSS5.2AI score0.00278EPSS

Exploits0References1

Vulnrichment•added 5 days ago•5 views

CVE-2026-39579 WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability

Contributor Privilege Escalation in B Blocks = 2.0.31 versions...

8.8CVSS5.2AI score0.00278EPSS

Exploits0References1

Cvelist•added 5 days ago•23 views

CVE-2026-39579 WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability

Contributor Privilege Escalation in B Blocks = 2.0.31 versions...

8.8CVSS0.00278EPSS

Exploits0References1

Cvelist•added 5 days ago•23 views

CVE-2026-39534 WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WP Directory Kit = 1.5.0 versions...

7.5CVSS0.00306EPSS

Exploits0References1

CVE•added 5 days ago•2 views

CVE-2026-39540

CVE-2026-39540 concerns WordPress plugin Shipment Tracker for Woocommerce (versions up to and including 1.5.3.2). The vulnerability is a Cross Site Scripting (XSS) issue in subscriber-facing context. Public sources indicate a CVSSv3.1 base score of 6.5 (Medium) with network attack vector, low att...

6.5CVSS5.1AI score0.00205EPSS

Exploits0References1

Cvelist•added 5 days ago•23 views

CVE-2026-39540 WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Shipment Tracker for Woocommerce = 1.5.3.2 versions...

6.5CVSS0.00205EPSS

Exploits0References1

CVE•added 5 days ago•3 views

CVE-2026-39534

WP Directory Kit plugin for WordPress, versions

7.5CVSS5.1AI score0.00306EPSS

Exploits0References1

Cvelist•added 5 days ago•24 views

CVE-2026-39533 WordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in AWP Classifieds = 4.4.4 versions...

7.5CVSS0.00304EPSS

Exploits0References1

CVE•added 5 days ago•7 views

CVE-2026-39533

The CVE-2026-39533 entry concerns the WordPress AWP Classifieds plugin (versions

7.5CVSS5.1AI score0.00304EPSS

Exploits0References1

Cvelist•added 5 days ago•25 views

CVE-2026-39527 WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WpStream 4.11.2 versions...

5.4CVSS0.00291EPSS

Exploits0References1

Cvelist•added 5 days ago•23 views

CVE-2026-39525 WordPress Booking Activities plugin <= 1.16.48.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Booking Activities = 1.16.48.1 versions...

6.5CVSS0.00242EPSS

Exploits0References1

CVE•added 5 days ago•2 views

CVE-2026-39525

The CVE-2026-39525 entry documents an unauthenticated broken access control in the WordPress Booking Activities plugin, affected versions ≤ 1.16.48.1. The vulnerability allows unauthenticated actors to access or modify data via the plugin’s functionality (impact per CVSS: Confidentiality: None, I...

6.5CVSS5.1AI score0.00242EPSS

Exploits0References1

Cvelist•added 5 days ago•26 views

CVE-2026-39524 WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

7.5CVSS0.00246EPSS

Exploits0References1

CVE•added 5 days ago•4 views

CVE-2026-39519

CVE-2026-39519 affects the WordPress plugin GeekyBot (versions <= 1.2.0). The vulnerability is an unauthenticated SQL Injection in GeekyBot

9.3CVSS5.7AI score0.00283EPSS

Exploits0References1

Cvelist•added 5 days ago•22 views

CVE-2026-39519 WordPress GeekyBot plugin <= 1.2.0 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeekyBot = 1.2.0 versions...

9.3CVSS0.00283EPSS

Exploits0References1

CVE•added 5 days ago•2 views

CVE-2026-39515

The WordPress Motors plugin for WordPress, versions prior to 1.4.107, contains a Broken Access Control vulnerability that involves the Subscriber role. The issue enables unauthorized actions due to access control weaknesses in Motors

6.5CVSS5.1AI score0.00352EPSS

Exploits0References1

CVE•added 5 days ago•7 views

CVE-2026-39518

The CVE pertains to WordPress EventPrime plugin versions

7.1CVSS5.2AI score0.00278EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by