CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The connected documents identify CVE-2026-57327 as a vulnerability in the WordPress MainWP plugin up to version 6.1.1 describing a Subscriber/Broken Access Control issue. The underlying root cause is described as broken access control, but the documents do not provide concrete technical details s...

6.3CVSS5.8AI score

Exploits0References1

NVD•added 9 hours ago•5 views

CVE-2026-9676

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...

4.3CVSS

Exploits0References1

EUVD•added 10 hours ago•4 views

EUVD-2026-40040

4.3CVSS5.9AI score

Exploits0References1

ATTACKERKB•added 10 hours ago•3 views

CVE-2026-9676

5.9AI score

Exploits0References1

CVE•added 10 hours ago•7 views

CVE-2026-9676

The vulnerability CVE-2026-9676 affects the F4 Post Tree WordPress plugin prior to 2.0.5. The issue arises because the plugin does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the...

4.3CVSS5.9AI score

Exploits0References1

Nuclei•added 10 hours ago•13 views

WordPress CBX Bookmark & Favorite Plugin <= 2.0.4 - SQL Injection

CBX Bookmark & Favorite WordPress plugin = 2.0.4 contains a SQL injection caused by insufficient escaping of the 'orderby' parameter, letting authenticated attackers with Subscriber-level access extract sensitive database information id: CVE-2025-13652 info: name: WordPress CBX Bookmark & Favorit...

6.5CVSS5.8AI score0.01077EPSS

Exploits0References3

EUVD•added yesterday•8 views

EUVD-2026-39968

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...

8.1CVSS5.8AI score0.00417EPSS

Exploits0References4

NVD•added yesterday•11 views

CVE-2026-8095

8.1CVSS0.00417EPSS

Exploits0References3

NVD•added 2 days ago•9 views

CVE-2026-12471

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activateplugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set o...

4.3CVSS0.00196EPSS

Exploits0References4

NVD•added 2 days ago•6 views

CVE-2026-3462

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

6.5CVSS0.00276EPSS

Exploits1References5

NVD•added 2 days ago•7 views

CVE-2026-11364

The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...

4.3CVSS0.00213EPSS

Exploits0References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by