CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

67 matches found

NVD•added 2026/06/18 8:16 a.m.•8 views

CVE-2026-12137

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS0.00211EPSS

Exploits0References4

EUVD•added 2026/06/18 6:50 a.m.•8 views

EUVD-2026-37861

6.1CVSS5.5AI score0.00211EPSS

Exploits0References4

Cvelist•added 2026/06/18 6:50 a.m.•23 views

CVE-2026-12137 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter

6.1CVSS0.00211EPSS

Exploits0References4

CVE•added 2026/06/18 6:50 a.m.•23 views

CVE-2026-12137

The CVE concerns the WordPress plugin SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager. It is vulnerable to a Reflected Cross-Site Scripting (XSS) via the tab parameter in all versions up to and including 4.3.6, caused by insufficient input sanitization...

6.1CVSS5.5AI score0.00211EPSS

Exploits0References4

NVD•added 2026/06/18 6:16 a.m.•10 views

CVE-2026-11360

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00369EPSS

Exploits0References14

ATTACKERKB•added 2026/06/18 5:34 a.m.•7 views

CVE-2026-11360

4.9CVSS5.8AI score0.00369EPSS

Exploits0References15

EUVD•added 2026/06/18 5:34 a.m.•10 views

EUVD-2026-37844

4.9CVSS5.8AI score0.00369EPSS

Exploits0References14

RedhatCVE•added 2026/06/05 7:42 p.m.•9 views

CVE-2025-14767

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbmbestseller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5CVSS5.7AI score0.00207EPSS

Exploits0References1

EUVD•added 2026/05/13 7:44 a.m.•22 views

EUVD-2025-209823

5.5CVSS6AI score0.00207EPSS

Exploits0References4

ATTACKERKB•added 2026/05/13 7:44 a.m.•4 views

CVE-2025-14767

5.5CVSS6AI score0.00207EPSS

Exploits0References5

Positive Technologies•added 2026/05/13 12:0 a.m.•10 views

PT-2026-40581

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbm best seller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5CVSS6AI score0.00207EPSS

Exploits0References4

GithubExploit•added 2026/04/18 9:25 a.m.•117 views

Exploit for CVE-2026-1937

CVE-2026-1937 YayMail = 4.3.2 - Missing Authorization to A...

7.2CVSS6.1AI score0.00411EPSS

Exploits2

RedhatCVE•added 2026/02/20 7:22 a.m.•9 views

CVE-2025-12975

The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woofeedplugininstalling function in all versions up to, and including, 6.6.11. This makes it possible for authenticated...

7.2CVSS6.1AI score0.00821EPSS

Exploits0References1

RedhatCVE•added 2026/02/19 7:28 a.m.•4 views

CVE-2026-1938

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...

5.3CVSS5.5AI score0.00307EPSS

Exploits0References1

RedhatCVE•added 2026/02/19 7:28 a.m.•7 views

CVE-2026-1937

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the yaymailimportstate AJAX action in all versions up to, and including, 4.3.2. This makes it possible for...

9.8CVSS5.7AI score0.00411EPSS

Exploits1References1

NVD•added 2026/02/19 7:17 a.m.•8 views

CVE-2025-12975

7.2CVSS0.00821EPSS

Exploits0References3

Cvelist•added 2026/02/19 4:36 a.m.•27 views

CVE-2025-12975 CTX Feed – WooCommerce Product Feed Manager <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation

7.2CVSS0.00821EPSS

Exploits0References3

Vulnrichment•added 2026/02/19 4:36 a.m.•3 views

CVE-2025-12975 CTX Feed – WooCommerce Product Feed Manager <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation

7.2CVSS6.2AI score0.00821EPSS

Exploits0References3

NVD•added 2026/02/18 8:16 a.m.•7 views

CVE-2026-1831

The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymailinstallyaysmtp' AJAX action and /yaymail/v1/addons/activate REST endpoint in all versions up to, and including, 4.3.2...

2.7CVSS0.00293EPSS

Exploits0References5

ATTACKERKB•added 2026/02/18 7:25 a.m.•5 views

CVE-2026-1831

2.7CVSS5.5AI score0.00293EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by