3625 matches found

Nuclei
added yesterday, 13 views

WordPress CBX Bookmark & Favorite Plugin <= 2.0.4 - SQL Injection

CBX Bookmark & Favorite WordPress plugin <= 2.0.4 contains a SQL injection caused by insufficient escaping of the 'orderby' parameter, letting authenticated attackers with Subscriber-level access extract sensitive database information. id: CVE-2025-13652 info: name: WordPress CBX Bookmark & Favorit...

CVSS 6.5, AI score 5.5, EPSS 0.01077
Exploits: 0, References: 3

EUVD
added 2 days ago, 4 views

EUVD-2026-37610

Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...

CVSS 6.5, AI score 5.1, EPSS 0.00304
Exploits: 0, References: 2

EUVD
added 2 days ago, 5 views

EUVD-2026-37592

Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...

CVSS 4.3, AI score 5.2, EPSS 0.00243
Exploits: 0, References: 2

EUVD
added 2 days ago, 4 views

EUVD-2026-37663

Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...

CVSS 4.3, AI score 5.1, EPSS 0.00259
Exploits: 0, References: 2

NVD
added 2 days ago, 4 views

CVE-2026-45436

Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...

CVSS 6.5, EPSS 0.00304
Exploits: 0, References: 1

NVD
added 2 days ago, 4 views

CVE-2026-24575

Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...

CVSS 4.3, EPSS 0.00259
Exploits: 0, References: 1

Cvelist
added 2 days ago, 26 views

CVE-2026-54803 WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions...

CVSS 9.8, EPSS 0.0045
Exploits: 0, References: 1

CVE
added 2 days ago, 11 views

CVE-2026-54196

Technical details are not publicly provided in the supplied documents. Monitor for updates on affected versions, impact, and fixes.

CVSS 6.8, AI score 5.2, EPSS 0.00211
Exploits: 0, References: 1

Cvelist
added 2 days ago, 24 views

CVE-2026-39546 WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions...

CVSS 7.6, EPSS 0.00288
Exploits: 0, References: 1

CVE
added 2 days ago, 6 views

CVE-2026-22335

The CVE CVE-2026-22335 affects WordPress: WooCommerce Frontend Manager – Ultimate (wc-frontend-manager-ultimate) versions below 6.7.7. It is a SQL Injection vulnerability exploitable by an authenticated subscriber, with a CVSS base score of 8.5 per Patchstack (high impact: confidentiality) and 6....

CVSS 8.5, AI score 5.7, EPSS 0.00347
Exploits: 0, References: 1

Cvelist
added 3 days ago, 18 views

CVE-2025-69103 WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability

Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions...

CVSS 7.5, EPSS 0.00407
Exploits: 0, References: 1

NVD
added 3 days ago, 9 views

CVE-2026-8444

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] raw with no sanitization or type casting, then concatenatin...

CVSS 8.8, EPSS 0.00253
Exploits: 0, References: 2

NVD
added 3 days ago, 7 views

CVE-2026-10093

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4, EPSS 0.00235
Exploits: 0, References: 9

Cvelist
added 3 days ago, 30 views

CVE-2026-10093 File Sharing & Download Manager <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'fldr_ttl' Parameter

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4, EPSS 0.00235
Exploits: 0, References: 9

EUVD
added 4 days ago, 5 views

EUVD-2026-36997

Subscriber Broken Access Control in myCred = 3.0.3 versions...

CVSS 6.5, AI score 5.1, EPSS 0.00279
Exploits: 0, References: 2

EUVD
added 4 days ago, 7 views

EUVD-2026-36996

Subscriber Broken Access Control in Groundhogg 4.4.1 versions...

CVSS 6.5, AI score 5.1, EPSS 0.00279
Exploits: 0, References: 2

EUVD
added 4 days ago, 4 views

EUVD-2025-210163

Subscriber Broken Access Control in Bookify = 1.1.1 versions...

CVSS 6.5, AI score 5.1, EPSS 0.00326
Exploits: 0, References: 2

NVD
added 4 days ago, 5 views

CVE-2026-42659

Subscriber Broken Access Control in Advanced Form Integration = 1.126.12 versions...

CVSS 6.5, EPSS 0.00271
Exploits: 0, References: 1

NVD
added 4 days ago, 5 views

CVE-2026-40793

Subscriber Broken Access Control in Groundhogg 4.4.1 versions...

CVSS 6.5, EPSS 0.00279
Exploits: 0, References: 1

NVD
added 4 days ago, 5 views

CVE-2026-40794

Subscriber Broken Access Control in myCred = 3.0.3 versions...

CVSS 6.5, EPSS 0.00279
Exploits: 0, References: 1