CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

223986 matches found

CVE-2026-54188

CVE-2026-54188 affects the WordPress JetEngine plugin (versions <= 3.8.10). It describes an unauthenticated Cross Site Scripting (XSS) vulnerability in JetEngine

7.1CVSS5.1AI score0.00146EPSS

Exploits0References1

Cvelist•added 2 days ago•26 views

CVE-2026-54188 WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...

7.1CVSS0.00146EPSS

Exploits0References1

CVE•added 2 days ago•11 views

CVE-2026-54187

CVE-2026-54187 affects the WordPress JetEngine plugin, vulnerable in versions up to 3.8.10.1. The issue is an unauthenticated SQL injection in JetEngine = 3.8.10.2 or later and implement mitigations per vendor guidance. The documents do not indicate in-the-wild exploitation or CVSS vectors beyond...

9.3CVSS5.7AI score0.00291EPSS

Exploits0References1

Cvelist•added 2 days ago•25 views

CVE-2026-54186 WordPress JobSearch plugin <= 3.2.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in JobSearch = 3.2.9 versions...

9.3CVSS0.00297EPSS

Exploits0References1

Cvelist•added 2 days ago•28 views

CVE-2026-54187 WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine = 3.8.10.1 versions...

9.3CVSS0.00291EPSS

Exploits0References1

CVE•added 2 days ago•11 views

CVE-2026-54186

CVE-2026-54186 concerns the WordPress JobSearch plugin, affected version range

9.3CVSS5.7AI score0.00297EPSS

Exploits0References1

CVE•added 2 days ago•8 views

CVE-2026-54185

CVE-2026-54185 – WordPress Cornerstone plugin (

8.5CVSS5.7AI score0.00342EPSS

Exploits0References1

Cvelist•added 2 days ago•28 views

CVE-2026-54185 WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability

Subscriber SQL Injection in Cornerstone 7.8.8 versions...

8.5CVSS0.00342EPSS

Exploits0References1

CVE•added 2 days ago•13 views

CVE-2026-54184

The CVE concerns WordPress plugin Clean Login prior to or up to version 1.15 with an Unauthenticated Insecure Direct Object References (IDOR) vulnerability. The root cause is an IDOR issue in the plugin, potentially exposing object identifiers to unauthenticated users. CVSS 3.1 metrics indicate h...

8.2CVSS5.2AI score0.00261EPSS

Exploits0References1

Cvelist•added 2 days ago•25 views

CVE-2026-54184 WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...

8.2CVSS0.00261EPSS

Exploits0References1

Cvelist•added 2 days ago•25 views

CVE-2026-52706 WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in JetEngine = 3.8.10 versions...

9.8CVSS0.00386EPSS

Exploits0References1

CVE•added 2 days ago•11 views

CVE-2026-52706

CVE-2026-52706 : Unauthenticated PHP Object Injection in WordPress JetEngine plugin (versions ≤ 3.8.10). Affected component: JetEngine; vulnerability type: PHP Object Injection. Impact: high confidentiality, integrity, and availability (CVSS 3.1 base score 9.8; network attack vector; no user inte...

9.8CVSS5.3AI score0.00386EPSS

Exploits0References1

Cvelist•added 2 days ago•24 views

CVE-2026-52698 WordPress PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget plugin <= 4.2.3 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget = 4.2.3 versions...

7.4CVSS0.0022EPSS

Exploits0References1

CVE•added 2 days ago•10 views

CVE-2026-52696

CVE-2026-52696 concerns the WordPress JetBlog plugin (versions <= 2.4.8) and describes an unauthenticated sensitive data exposure. The entry specifies a CVSS 3.1 base score of 7.5 (HIGH), with network attack vector, no privileges required, no user interaction, and impact limited to confidentia...

7.5CVSS5.2AI score0.00245EPSS

Exploits0References1

Cvelist•added 2 days ago•25 views

CVE-2026-52696 WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

7.5CVSS0.00245EPSS

Exploits0References1

Cvelist•added 2 days ago•24 views

CVE-2026-49778 WordPress WPFunnels Pro plugin <= 2.9.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WPFunnels Pro = 2.9.4 versions...

7.1CVSS0.00186EPSS

Exploits0References1

CVE•added 2 days ago•13 views

CVE-2026-49767

CVE-2026-49767 concerns the WordPress WordPress wpForo Forum plugin (≤ 3.1.0) with an Unauthenticated Broken Authentication vulnerability. Affected software is the wpForo Forum plugin; root cause is broken authentication in versions ≤ 3.1.0. Impact is high (CVSS v3.1 base score 9.8, CRITICAL) wit...

9.8CVSS5.2AI score0.00548EPSS

Exploits0References1

Cvelist•added 2 days ago•25 views

CVE-2026-49767 WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

9.8CVSS0.00548EPSS

Exploits0References1

Cvelist•added 2 days ago•24 views

CVE-2026-49107 WordPress Thrive Apprentice plugin < 10.8.10.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Thrive Apprentice 10.8.10.2 versions...

9.8CVSS0.00375EPSS

Exploits0References1