CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 3 days ago•7 views

EUVD-2026-39624

7.5CVSS5.8AI score0.00256EPSS

CVE•added 3 days ago•8 views

CVE-2026-10823

CVE-2026-10823 affects the YMC Filter WordPress plugin (pre-3.11.3). The flaw stems from improper authorization of a REST API endpoint and lack of validation of a user-supplied query parameter, enabling unauthenticated attackers to retrieve titles and content from private, draft, and other non-pu...

7.5CVSS5.8AI score0.00256EPSS

ATTACKERKB•added 3 days ago•5 views

CVE-2026-10823

7.5CVSS5.8AI score0.00256EPSS

EUVD•added 2026/06/19 4:31 a.m.•10 views

EUVD-2026-37983

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

4.3CVSS5.8AI score0.00254EPSS

Exploits0References9

CVE•added 2026/06/19 4:31 a.m.•14 views

CVE-2026-9013

CVE-2026-9013 affects the WordPress Bogo plugin (

4.3CVSS5.4AI score0.00254EPSS

Exploits0References9

CVE•added 2026/06/16 4:30 a.m.•9 views

CVE-2026-10780

CVE-2026-10780 affects the WordPress Static Block plugin (versions up to 2.2). The vulnerability is an Insecure Direct Object Reference in the static_block_content() shortcode handler, which retrieves a post with get_post() using an attacker-controlled id and outputs its post_content without vali...

4.3CVSS5.5AI score0.00211EPSS

Exploits0References4

Cvelist•added 2026/06/16 4:30 a.m.•28 views

CVE-2026-10780 Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the staticblockcontent shortcode handler retrieving a post via getpost using an attacker-supplied 'id' attribute and outputting its postcontent without...

4.3CVSS0.00211EPSS

Exploits0References4

Positive Technologies•added 2026/06/16 12:0 a.m.•9 views

PT-2026-49611

Name of the Vulnerable Software and Affected Versions Static Block versions prior to 2.3 Description The Static Block plugin for WordPress contains an Insecure Direct Object Reference. This occurs because the static block content shortcode handler uses the get post function to retrieve a post bas...

4.3CVSS6AI score0.00211EPSS

Exploits0References7

GithubExploit•added 2026/06/11 10:42 a.m.•83 views

Exploit for CVE-2026-7665

CVE-2026-7665 — Unauthenticated Information Disclosure in Esse...

RedhatCVE•added 2026/06/07 8:59 a.m.•16 views

Exploits1

CVE-2026-7665

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

NVD•added 2026/06/06 4:17 a.m.•12 views

Exploits1References1

CVE-2026-7665

5.3CVSS0.0515EPSS

EUVD•added 2026/06/06 2:28 a.m.•11 views

EUVD-2026-34950

Vulnrichment•added 2026/06/06 2:28 a.m.•8 views

CVE-2026-7665 Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler

Cvelist•added 2026/06/06 2:28 a.m.•40 views

CVE-2026-7665 Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler

5.3CVSS0.0515EPSS

ATTACKERKB•added 2026/06/06 2:28 a.m.•9 views

CVE-2026-7665

CVE•added 2026/06/06 2:28 a.m.•31 views

Exploits1References15

CVE-2026-7665

CVE-2026-7665 affects the WordPress plugin Essential Addons for Elementor (up to version 6.6.4). The issue arises in the ajax_load_more handler, with insufficient restrictions on which posts can be returned, enabling unauthenticated attackers to extract data from password-protected, private, or d...

Positive Technologies•added 2026/06/06 12:0 a.m.•24 views

PT-2026-47130

Name of the Vulnerable Software and Affected Versions Essential Addons for Elementor versions prior to 6.6.5 Description The plugin is subject to information exposure due to insufficient restrictions on the posts that can be included within the ajax load more function. This allows unauthenticated...