Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

224027 matches found

CVE
CVEadded 5 days ago7 views

CVE-2026-39518

The CVE pertains to WordPress EventPrime plugin versions

7.1CVSS5.2AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelistadded 5 days ago23 views

CVE-2026-39515 WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability

Subscriber Broken Access Control in Motors 1.4.107 versions...

6.5CVSS0.00352EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 5 days ago5 views

CVE-2026-39514 WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...

7.1CVSS5.2AI score0.00175EPSS
Exploits0References1
CVE
CVEadded 5 days ago4 views

CVE-2026-39514

The CVE describes an unauthenticated Reflected Cross Site Scripting (XSS) vulnerability in the WordPress plugin Paid Member Subscriptions (versions up to 2.17.3 ). The issue is triggered via reflected input, affecting the plugin’s handling of user-supplied data and potentially enabling code execu...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelistadded 5 days ago23 views

CVE-2026-39514 WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...

7.1CVSS0.00175EPSS
Exploits0References1
CVE
CVEadded 5 days ago5 views

CVE-2026-39512

WordPress GeoDirectory plugin ≤ 2.8.152 contains an Unauthenticated SQL Injection vulnerability. Affects that plugin version, enabling network-based attacks with no authentication; CVSSv3.1 base score 9.3 (CRITICAL) with high confidentiality impact and low availability impact. Connected sources p...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
Cvelist
Cvelistadded 5 days ago25 views

CVE-2026-39513 WordPress Easy Appointments plugin <= 3.12.21 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...

7.5CVSS0.00287EPSS
Exploits0References1
CVE
CVEadded 5 days ago8 views

CVE-2026-39511

CVE-2026-39511 affects the WordPress plugin WP Photo Album Plus

9.3CVSS5.7AI score0.00295EPSS
Exploits0References1
Cvelist
Cvelistadded 5 days ago24 views

CVE-2026-39511 WordPress WP Photo Album Plus plugin <= 9.1.08.001 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...

9.3CVSS0.00295EPSS
Exploits0References1
Cvelist
Cvelistadded 5 days ago23 views

CVE-2026-39507 WordPress Social Slider Feed plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Social Slider Feed = 2.3.2 versions...

7.1CVSS0.00175EPSS
Exploits0References1
CVE
CVEadded 5 days ago11 views

CVE-2026-39502

This CVE concerns the WordPress plugin Form Maker by 10Web (versions &lt;= 1.15.38). The issue is described as an Unauthenticated SQL Injection vulnerability in Form Maker by 10Web

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 5 days ago4 views

CVE-2026-39502 WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability

Unauthenticated SQL Injection in Form Maker by 10Web = 1.15.38 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
Cvelist
Cvelistadded 5 days ago23 views

CVE-2026-39502 WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability

Unauthenticated SQL Injection in Form Maker by 10Web = 1.15.38 versions...

9.3CVSS0.00283EPSS
Exploits0References1
CVE
CVEadded 5 days ago8 views

CVE-2026-39498

The Connected document identifies CVE-2026-39498-related details: a PHP Object Injection vulnerability in the WordPress YayMail plugin , affecting versions ≤ 4.3.3 and discovered by daroo . No additional root-cause, impact, exploit, or remediation details are provided in the sources. Monitor for ...

7.2CVSS5.3AI score0.00359EPSS
Exploits0References1
Cvelist
Cvelistadded 5 days ago22 views

CVE-2026-39498 WordPress YayMail plugin <= 4.3.3 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in YayMail = 4.3.3 versions...

7.2CVSS0.00359EPSS
Exploits0References1
Cvelist
Cvelistadded 5 days ago24 views

CVE-2026-39499 WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce = 1.6.19 versions...

7.2CVSS0.00446EPSS
Exploits0References1
Cvelist
Cvelistadded 5 days ago24 views

CVE-2026-39492 WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...

9.3CVSS0.00363EPSS
Exploits0References1
CVE
CVEadded 5 days ago4 views

CVE-2026-39493

CVE-2026-39493 : The WordPress plugin Simply Schedule Appointments (versions

9.3CVSS5.7AI score0.00363EPSS
Exploits0References1
CVE
CVEadded 5 days ago3 views

CVE-2026-39491

CVE-2026-39491 affects the WordPress JupiterX Core plugin (versions

6.5CVSS5.1AI score0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 5 days ago4 views

CVE-2026-39489 WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability

Author Arbitrary File Download in Download Monitor = 5.1.9 versions...

4.4CVSS5.2AI score0.00337EPSS
Exploits0References1
Rows per page
Query Builder