CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

554 matches found

NVD•added 2026/04/17 7:16 a.m.•40 views

CVE-2026-6441

The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions function, which is exposed via two AJAX hooks: wpajaxupdateOptions class-canto.php line 231 an...

4.3CVSS0.00282EPSS

Exploits0References7

CNNVD•added 2026/04/08 12:0 a.m.•6 views

WordPress plugin Doofinder for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.0024EPSS

Exploits0References1

Patchstack•added 2026/02/18 12:37 a.m.•8 views

WordPress SiteOrigin Widgets Bundle plugin <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by bashu - KCSC in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.70.4...

5.4CVSS5.5AI score0.00284EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/01/20 1:22 a.m.•5 views

CVE-2025-14978

The PeachPay — Payments & Express Checkout for WooCommerce supports Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the ConvesioPay webhook REST endpoint in all versions up to, and including,...

5.3CVSS5.6AI score0.00219EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 10:45 a.m.•6 views

CVE-2022-0328

The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack...

4.7CVSS6.7AI score0.00464EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 10:44 a.m.•5 views

CVE-2022-0884

The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS6.3AI score0.00644EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:16 a.m.•11 views

CVE-2025-1783

The Gallery Styles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery Block in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS5.9AI score0.00247EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:15 a.m.•12 views

CVE-2024-2126

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00423EPSS

Exploits0References1