CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11966 matches found

EUVD•added 2026/01/14 5:28 a.m.•2 views

EUVD-2026-2548

The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrmgetemailrecipients and wpcrmsystemajaxtaskchangestatus AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...

5.4CVSS5AI score0.00222EPSS

Exploits0References4

EUVD•added 2026/01/14 5:28 a.m.•4 views

EUVD-2026-2551

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat message field in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possibl...

7.2CVSS4.8AI score0.00237EPSS

Exploits0References4

EUVD•added 2026/01/14 5:28 a.m.•3 views

EUVD-2026-2549

The Gotham Block Extra Light plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.5.0 via the 'ghostban' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on...

6.5CVSS5.5AI score0.00307EPSS

Exploits0References3

EUVD•added 2026/01/14 5:28 a.m.•3 views

EUVD-2026-2558

The Makesweat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'makesweatclubid' setting in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acce...

4.4CVSS4.7AI score0.00211EPSS

Exploits0References8

EUVD•added 2026/01/14 5:28 a.m.•2 views

EUVD-2026-2560

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS4.8AI score0.00208EPSS

Exploits0References4

EUVD•added 2026/01/14 5:28 a.m.•2 views

EUVD-2026-2541

The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'adminpagecontent' function. This makes it possible for unauthenticated attackers to update the plugin's settings via...

4.3CVSS4.8AI score0.0014EPSS

Exploits0References3

EUVD•added 2026/01/14 5:28 a.m.•3 views

EUVD-2026-2547

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...

5.3CVSS5.5AI score0.003EPSS

Exploits0References3

EUVD•added 2026/01/14 3:30 a.m.•5 views

EUVD-2026-2571

EUVD-2026-2571...

7.8CVSS6.4AI score0.00143EPSS

Exploits0References2

EUVD•added 2026/01/14 3:30 a.m.•4 views

EUVD-2026-2573

EUVD-2026-2573...

8CVSS6.4AI score0.00095EPSS

Exploits0References4

EUVD•added 2026/01/14 2:35 a.m.•3 views

EUVD-2026-2561

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

6.1CVSS6.4AI score0.00078EPSS

Exploits0References7

EUVD•added 2026/01/14 2:13 a.m.•3 views

EUVD-2026-2568

Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.5CVSS6.4AI score0.00078EPSS

Exploits0References7

EUVD•added 2026/01/14 2:11 a.m.•2 views

EUVD-2026-2563

Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability...

6.2CVSS6.4AI score0.00091EPSS

Exploits0References9

EUVD•added 2026/01/14 2:7 a.m.•3 views

EUVD-2026-2567

Multi-thread race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability...

6.8CVSS6.3AI score0.00061EPSS

Exploits0References5

EUVD•added 2026/01/14 2:2 a.m.•2 views

EUVD-2026-2570

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability...

5.1CVSS6.3AI score0.00084EPSS

Exploits0References5

EUVD•added 2026/01/14 2:1 a.m.•1 views

EUVD-2026-2574

Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability...

8.4CVSS6.3AI score0.00088EPSS

Exploits0References5

EUVD•added 2026/01/14 1:59 a.m.•4 views

EUVD-2026-2579

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability...

8CVSS6.3AI score0.00102EPSS

Exploits0References7

EUVD•added 2026/01/14 1:58 a.m.•3 views

EUVD-2026-2575

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability...

8.4CVSS6.3AI score0.00104EPSS

Exploits0References7

EUVD•added 2026/01/14 12:31 a.m.•4 views

EUVD-2026-2586

EUVD-2026-2586...

7.5CVSS6.4AI score0.00494EPSS

Exploits1References4

EUVD•added 2026/01/14 12:31 a.m.•2 views

EUVD-2026-2594

EUVD-2026-2594...

6.1CVSS6.4AI score0.0024EPSS

Exploits1References4