CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2026-57632 affects the WordPress plugin “Email Marketing for WooCommerce by Omnisend” up to version 1.19.0. The vulnerability is described as a Broken Access Control issue in the subscriber flow, with the affected component being the Omnisend for WooCommerce integration. Connected documents c...

5.4CVSS5.8AI score

Exploits0References1

Nuclei•added 15 hours ago•13 views

WordPress CBX Bookmark & Favorite Plugin <= 2.0.4 - SQL Injection

CBX Bookmark & Favorite WordPress plugin = 2.0.4 contains a SQL injection caused by insufficient escaping of the 'orderby' parameter, letting authenticated attackers with Subscriber-level access extract sensitive database information id: CVE-2025-13652 info: name: WordPress CBX Bookmark & Favorit...

6.5CVSS5.8AI score0.01077EPSS

Exploits0References3

NVD•added yesterday•4 views

CVE-2026-2508

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00241EPSS

Exploits0References3

NVD•added yesterday•7 views

CVE-2026-12079

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS0.00224EPSS

Exploits0References2

EUVD•added yesterday•6 views

EUVD-2026-39167

6.5CVSS6AI score0.00241EPSS

Exploits0References3

EUVD•added yesterday•5 views

EUVD-2026-39165

6.5CVSS6AI score0.00224EPSS

Exploits0References2

NVD•added 2 days ago•6 views

CVE-2026-9619

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00307EPSS

Exploits0References6

NVD•added 2 days ago•5 views

CVE-2026-9616

The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.0024EPSS

Exploits0References7

NVD•added 2 days ago•7 views

CVE-2026-8688

The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00227EPSS

Exploits0References7

NVD•added 2 days ago•5 views

CVE-2026-4297

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the ncsetOption function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the us...

8.8CVSS0.00463EPSS

Exploits0References9

NVD•added 2 days ago•5 views

CVE-2026-8614

The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the assistioplugindeleteassistiosettings function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers,...

4.3CVSS0.00238EPSS

Exploits0References3

CVE•added 2 days ago•7 views

CVE-2026-8688

The CVE pertains to the WordPress plugin Advance Nav Menu Manager (

4.3CVSS5.8AI score0.00227EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by