CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

86 matches found

RedhatCVE•added 2026/02/19 1:28 p.m.•3 views

CVE-2026-2127

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...

5.4CVSS6.1AI score0.00015EPSS

Exploits0References1

NVD•added 2026/02/18 9:15 a.m.•1 views

CVE-2026-2127

5.4CVSS0.00015EPSS

Exploits0References6

CVE•added 2026/02/18 8:26 a.m.•8 views

CVE-2026-2127

CVE-2026-2127 describes an authenticated arbitrary shortcode execution flaw in the WordPress plugin SiteOrigin Widgets Bundle (versions

5.4CVSS6.1AI score0.00015EPSS

Exploits0References6

Vulnrichment•added 2026/02/18 8:26 a.m.•1 views

CVE-2026-2127 SiteOrigin Widgets Bundle <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

5.4CVSS6.1AI score0.00015EPSS

Exploits0References6

Cvelist•added 2026/02/18 8:26 a.m.•25 views

CVE-2026-2127 SiteOrigin Widgets Bundle <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

5.4CVSS0.00015EPSS

Exploits0References6

Patchstack•added 2026/02/18 12:37 a.m.•6 views

WordPress SiteOrigin Widgets Bundle plugin <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by bashu - KCSC in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.70.4...

5.4CVSS5.5AI score0.00015EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/02/18 12:0 a.m.•4 views

WordPress plugin SiteOrigin Widgets Bundle 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS6.1AI score0.00015EPSS

Exploits0References6

Positive Technologies•added 2026/02/18 12:0 a.m.•4 views

PT-2026-20365

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteorigin widget preview widget action function which is registered via the wp ajax so...

5.4CVSS6AI score0.00015EPSS

Exploits0References7