
223968 matches found

Patchstack
added 2 days ago | 5 views

WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.43 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Muhammad Arsalan Diponegoro tripoloski in WordPress Plugin Form Maker by 10Web versions <= 1.15.43...

CVSS 4.9 | AI score 5.9 | EPSS 0.00355
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2 days ago | 5 views

WordPress Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin <= 1.3.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Umut Can Yurdayardım in WordPress Plugin Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets versions <= 1.3.13.1...

CVSS 5.3 | AI score 5.3 | EPSS 0.0031
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2 days ago | 5 views

WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification vulnerability

Insecure Direct Object Reference to Authenticated Custom+ Arbitrary Order Modification vulnerability discovered by Kirasec in WordPress Plugin Dokan versions <= 5.0.3...

CVSS 4.3 | AI score 5.3 | EPSS 0.0025
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2 days ago | 6 views

CVE-2026-54812

CVE-2026-54812 describes an SQL Injection in StylemixThemes Motors (WordPress plugin)

CVSS 9.3 | AI score 5.6 | EPSS 0.00291
Exploits: 0 | References: 1

Cvelist
added 2 days ago | 29 views

CVE-2026-54812 WordPress Motors plugin <= 1.4.109 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...

CVSS 9.3 | EPSS 0.00291
Exploits: 0 | References: 1

CVE
added 2 days ago | 8 views

CVE-2026-54810

The CVE-2026-54810 entry concerns the WordPress plugin Nexi XPay (≤ 8.3.1). The vulnerability is described as a Missing Authorization / Broken Access Control issue caused by incorrectly configured access controls, affecting Nexi XPay on versions from n/a up to 8.3.1. Public metrics indicate a HIGH...

CVSS 7.5 | AI score 5.3 | EPSS 0.00243
Exploits: 0 | References: 1

Cvelist
added 2 days ago | 24 views

CVE-2026-54809 WordPress GIFT4U plugin <= 1.0.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10...

CVSS 9.3 | EPSS 0.00241
Exploits: 0 | References: 1

Cvelist
added 2 days ago | 14 views

CVE-2025-69189 WordPress JobBank plugin <= 1.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3...

CVSS 7.3 | EPSS 0.00178
Exploits: 0 | References: 1

Cvelist
added 2 days ago | 24 views

CVE-2026-54814 WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109...

CVSS 8.1 | EPSS 0.00337
Exploits: 0 | References: 1

Cvelist
added 2 days ago | 25 views

CVE-2026-54815 WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

CVSS 9.3 | EPSS 0.00236
Exploits: 0 | References: 1

Cvelist
added 2 days ago | 25 views

CVE-2026-54816 WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21...

CVSS 7.5 | EPSS 0.00292
Exploits: 0 | References: 1

Cvelist
added 2 days ago | 26 views

CVE-2026-54818 WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...

CVSS 8.5 | EPSS 0.00211
Exploits: 0 | References: 1

NVD
added 2 days ago | 4 views

CVE-2026-9570

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user...

CVSS 7.1 | EPSS 0.00192
Exploits: 0 | References: 1

NVD
added 2 days ago | 3 views

CVE-2026-8607

The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping...

CVSS 6.4 | EPSS 0.00269
Exploits: 0 | References: 8

NVD
added 2 days ago | 5 views

CVE-2026-8383

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoints behind the edit_users capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

CVSS 5.3 | EPSS 0.00246
Exploits: 0 | References: 1

NVD
added 2 days ago | 4 views

CVE-2026-8089

The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated...

CVSS 7.1 | EPSS 0.00215
Exploits: 0 | References: 1

NVD
added 2 days ago | 3 views

CVE-2026-7850

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks...

CVSS 5.9 | EPSS 0.00184
Exploits: 0 | References: 1

NVD
added 2 days ago | 4 views

CVE-2026-49084

Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...

CVSS 9.3 | EPSS 0.00291
Exploits: 0 | References: 1

NVD
added 2 days ago | 3 views

CVE-2026-25470

Improper Control of Generation of Code 'Code Injection' vulnerability in ACPT ACPT Pro - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT Pro - Custom Post Types Plugin for WordPress: from n/a through 2.0.47...

CVSS 10 | EPSS 0.00414
Exploits: 0 | References: 1

NVD
added 2 days ago | 3 views

CVE-2026-22335

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...

CVSS 8.5 | EPSS 0.00347
Exploits: 0 | References: 1