CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

111 matches found

Positive Technologies•added 2026/06/04 12:0 a.m.•11 views

PT-2026-46340

Unauthenticated Local File Inclusion in Especio = 1.0 versions...

8.1CVSS5.2AI score0.00435EPSS

Exploits0References3

EUVD•added 2026/04/22 9:31 a.m.•6 views

EUVD-2026-24688

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwpajaxform AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwptheme option...

6.5CVSS5.8AI score0.00814EPSS

Exploits0References8

EUVD•added 2026/04/08 9:32 p.m.•4 views

EUVD-2024-47006

The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaximagecollage function in all versions up to, and including, 1.13.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

5.4CVSS6AI score0.00453EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 12:31 p.m.•7 views

CVE-2023-4281

This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...

5.3CVSS6.6AI score0.00627EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 11:13 a.m.•11 views

CVE-2016-10762

The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used...

7.5CVSS7.3AI score0.01798EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:11 a.m.•8 views

CVE-2016-10897

The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.00913EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:35 a.m.•7 views

CVE-2017-18565

The updater plugin before 1.35 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.0139EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:34 a.m.•4 views

CVE-2017-18608

The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.00977EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:33 a.m.•5 views

CVE-2017-18586

The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths...

9.1CVSS7.1AI score0.02503EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:32 a.m.•8 views

CVE-2017-18502

The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.01652EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:32 a.m.•5 views

CVE-2017-18492

The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.01458EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:32 a.m.•5 views

CVE-2017-18564

The sender plugin before 1.2.1 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.0139EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:8 a.m.•5 views

CVE-2024-2172

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...

9.8CVSS7.3AI score0.01712EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-23446

Malware in sbrugna...

5.5CVSS5.5AI score0.00566EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2021-11897

Malware in sbrugna...

6.1CVSS6.1AI score0.01109EPSS

Exploits2References3