3374 matches found

Nuclei
added yesterday, 13 views

WCAPF WooCommerce Ajax Product Filter - SQL Injection

WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...

7.5 CVSS, 5.5 AI score, 0.01473 EPSS
Exploits: 0, References: 2

Nuclei
added yesterday, 8 views

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover

Hippoo Mobile App for WooCommerce WordPress plugin <= 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...

9.8 CVSS, 5.2 AI score, 0.01791 EPSS
Exploits: 0, References: 2

Nuclei
added yesterday, 13 views

Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update

YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 contains a broken access control caused by improper permission checks in &yikes-the-content-toggle option update, letting attackers modify content without authorization. id: CVE-2022-28666 info: name: Custom Product Tabs for...

5.3 CVSS, 5.6 AI score, 0.01184 EPSS
Exploits: 1, References: 1

Nuclei
added yesterday, 8 views

WordPress OrderConvo < 14 - Path Traversal

WooCommerce OrderConvo WordPress plugin < 14 contains a path traversal vulnerability caused by improper validation of file download paths, letting unauthenticated attackers read or download arbitrary files remotely id: CVE-2025-10162 info: name: WordPress OrderConvo < 14 - Path Traversal autho...

7.5 CVSS, 5.4 AI score, 0.03656 EPSS
Exploits: 3, References: 3

EUVD
added 2 days ago, 4 views

EUVD-2026-36926

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

9.3 CVSS, 5.7 AI score, 0.00283 EPSS
Exploits: 0, References: 2

NVD
added 2 days ago, 4 views

CVE-2026-42664

Unauthenticated Broken Access Control in AI Product Search for WooCommerce Motive Commerce Search = 1.38.2 versions...

8.2 CVSS, 0.00254 EPSS
Exploits: 0, References: 1

NVD
added 2 days ago, 4 views

CVE-2026-39441

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

9.3 CVSS, 0.00283 EPSS
Exploits: 0, References: 1

Cvelist
added 2 days ago, 23 views

CVE-2026-49110 WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vulnerability

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions...

7.5 CVSS, 0.00236 EPSS
Exploits: 0, References: 1

Cvelist
added 2 days ago, 25 views

CVE-2026-49065 WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions...

8.2 CVSS, 0.00244 EPSS
Exploits: 0, References: 1

CVE
added 2 days ago, 7 views

CVE-2026-49065

The CVE applies to WordPress Hippoo Mobile App for WooCommerce plugin versions

8.2 CVSS, 5.1 AI score, 0.00244 EPSS
Exploits: 0, References: 1

CVE
added 2 days ago, 13 views

CVE-2026-49061

CVE-2026-49061 : Unauthenticated arbitrary file download in the WordPress plugin WPC Product Options for WooCommerce (versions

7.5 CVSS, 5.2 AI score, 0.00373 EPSS
Exploits: 0, References: 1

Cvelist
added 2 days ago, 24 views

CVE-2026-48873 WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions...

7.5 CVSS, 0.00238 EPSS
Exploits: 0, References: 1

CVE
added 2 days ago, 13 views

CVE-2026-48873

CVE-2026-48873 affects the WordPress plugin Montonio for WooCommerce (versions ≤ 10.1.2). The issue is Unauthenticated Broken Access Control in this plugin, allowing unauthenticated access to protected functionality (impact: high integrity impact; confidentiality/availability not affected per the...

7.5 CVSS, 5.1 AI score, 0.00238 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2 days ago, 3 views

CVE-2026-42668 WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.18.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions...

7.5 CVSS, 5.2 AI score, 0.00528 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2 days ago, 4 views

CVE-2026-42386 WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions...

9.3 CVSS, 5.7 AI score, 0.00283 EPSS
Exploits: 0, References: 1

CVE
added 2 days ago, 6 views

CVE-2026-40741

CVE-2026-40741 affects the WordPress plugin Redsys for WooCommerce Light up to version 7.0.0, exposing an unauthenticated broken access control vulnerability. The CVE entry notes unauthenticated access with high impact on integrity (CVSSv3.1: 7.5, I: High; A: None; C: None; V: Network, PR: None, ...

7.5 CVSS, 5.1 AI score, 0.00246 EPSS
Exploits: 0, References: 1

Cvelist
added 2 days ago, 23 views

CVE-2026-39540 WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions...

6.5 CVSS, 0.00205 EPSS
Exploits: 0, References: 1

CVE
added 2 days ago, 2 views

CVE-2026-39540

CVE-2026-39540 concerns WordPress plugin Shipment Tracker for Woocommerce (versions up to and including 1.5.3.2). The vulnerability is a Cross Site Scripting (XSS) issue in subscriber-facing context. Public sources indicate a CVSSv3.1 base score of 6.5 (Medium) with network attack vector, low att...

6.5 CVSS, 5.1 AI score, 0.00205 EPSS
Exploits: 0, References: 1

Cvelist
added 2 days ago, 24 views

CVE-2026-39472 WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions...

7.2 CVSS, 0.00446 EPSS
Exploits: 0, References: 1

CVE
added 2 days ago, 5 views

CVE-2026-39470

CVE-2026-39470 affects the WordPress plugin WooCommerce Cart Abandonment Recovery, specifically versions earlier than 2.1.0. The issue is a Privilege Escalation that allows a shop manager to gain higher privileges. The reported impact is Confidentiality, Integrity, and Availability at high severi...

7.2 CVSS, 5.2 AI score, 0.00382 EPSS
Exploits: 0, References: 1