CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

594 matches found

Wordfence Blog•added 5 days ago•11 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 15, 2026 to June 21, 2026)

Last week, there were 146 vulnerabilities disclosed in 127 WordPress Plugins and 1 WordPress Theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 85 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

6.1AI score

Exploits0

EUVD•added 5 days ago•5 views

EUVD-2026-39187

The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks...

8.8CVSS5.8AI score0.00301EPSS

Exploits0References2

NVD•added 5 days ago•8 views

CVE-2026-5305

8.8CVSS0.00301EPSS

Exploits0References1

NVD•added 6 days ago•7 views

CVE-2026-10735

Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Produ...

7.5CVSS0.00387EPSS

Exploits1References1

EUVD•added 6 days ago•6 views

EUVD-2026-38693

7.5CVSS6.2AI score0.00387EPSS

Exploits1References1

Cvelist•added 6 days ago•35 views

CVE-2026-10735 ShapedPlugin Multiple Pro Plugins - Backdoor via Compromised Vendor Update Server

0.00387EPSS

Exploits1References1

EUVD•added 2026/06/20 1:27 a.m.•10 views

EUVD-2026-38104

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the viewpage function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete...

8.1CVSS6.7AI score0.00662EPSS

Exploits0References7

Positive Technologies•added 2026/06/16 12:0 a.m.•15 views

PT-2026-49831

Name of the Vulnerable Software and Affected Versions Real Testimonials Pro affected versions not specified Product Slider Pro for WooCommerce affected versions not specified Smart Post Show Pro affected versions not specified Description A supply chain compromise occurred where attackers...

7.5CVSS6.1AI score0.00387EPSS

Exploits1References14

NVD•added 2026/06/15 9:17 p.m.•12 views

CVE-2026-49104

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...

9.8CVSS0.00476EPSS

Exploits1References1

EUVD•added 2026/06/15 8:19 p.m.•6 views

EUVD-2026-36889

Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...

9.8CVSS5.3AI score0.00383EPSS

Exploits0References1

EUVD•added 2026/06/15 8:19 p.m.•8 views

EUVD-2026-36881

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...

9.8CVSS5.3AI score0.00476EPSS

Exploits1References1

The Hacker News•added 2026/06/15 9:59 a.m.•13 views

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage , OptinMonster , and TrustPulse , turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker'...

8.1CVSS6.2AI score0.0298EPSS

Exploits3

CNNVD•added 2026/06/11 12:0 a.m.•13 views

WordPress plugin Hippoo Mobile App for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.8CVSS5.4AI score0.00514EPSS

Exploits1References1

Positive Technologies•added 2026/06/11 12:0 a.m.•12 views

PT-2026-48750

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

8.1CVSS5.2AI score0.00322EPSS

Exploits0References3

Patchstack•added 2026/06/08 7:49 p.m.•8 views

WordPress Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin Unlimited Elementor Inner Sections By BoomDevs versions = 1.3.3...

6.4CVSS5.4AI score0.00243EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/06/04 12:0 a.m.•14 views

PT-2026-46365

Unauthenticated Local File Inclusion in Snowy = 1.13 versions...

8.1CVSS5.2AI score0.00348EPSS

Exploits0References2

Positive Technologies•added 2026/06/04 12:0 a.m.•14 views

PT-2026-46337

Unauthenticated Local File Inclusion in Dazzle = 1.0.0 versions...

8.1CVSS5.2AI score0.00435EPSS

Exploits0References2