CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 3 hours ago•5 views

CVE-2026-11360

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE•added 4 hours ago•5 views

Exploits0References14

CVE-2026-11776

CVE•added 4 hours ago•5 views

Exploits0References10

CVE-2026-11777

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...

Exploits0References10

EUVD-2026-37631

Unauthenticated SQL Injection in JobSearch = 3.2.9 versions...

9.3CVSS5.8AI score

EUVD-2026-37632

Unauthenticated SQL Injection in JetEngine = 3.8.10.1 versions...

9.3CVSS5.8AI score

EUVD-2026-37644

Unauthenticated SQL Injection in WP eMember v10.9.4 versions...

9.3CVSS5.8AI score

EUVD•added yesterday•5 views

EUVD-2026-37619

Unauthenticated SQL Injection in JetSearch = 3.5.17 versions...

Exploits1References2

EUVD-2026-37589

Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...

EUVD•added yesterday•5 views

EUVD-2026-37655

Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...

EUVD•added yesterday•5 views

EUVD-2026-37660

Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...

7.5CVSS5.7AI score0.00414EPSS

EUVD-2026-37552

The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listingloadmore AJAX handler accepts a filteredquery parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However,...

Exploits0References7

EUVD-2025-210229

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...

8.5CVSS5.7AI score

Patchstack•added yesterday•3 views

WordPress Tutor LMS – eLearning and online course solution plugin <= 3.9.11 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by s1kr10s - Nayrox in WordPress Plugin Tutor LMS versions = 3.9.11...

Exploits0References1Affected Software1

NVD•added yesterday•6 views

CVE-2026-35068

Dell PowerFlex Manager, versions Versions, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure...

3.5CVSS

Exploits0References1

Patchstack•added yesterday•3 views

WordPress Advanced Order Export For WooCommerce plugin <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection vulnerability

Authenticated Shop Manager+ SQL Injection vulnerability discovered by Yaswanth Reddy Sunkara in WordPress Plugin Advanced Order Export For WooCommerce versions = 4.0.10...

Exploits0References1Affected Software1

Patchstack•added yesterday•3 views

WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.43 - Authenticated (Adminsitrator+) SQL Injection vulnerability

Authenticated Adminsitrator+ SQL Injection vulnerability discovered by Muhammad Arsalan Diponegoro tripoloski in WordPress Plugin Form Maker by 10Web versions = 1.15.43...