CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

581 matches found

Wordfence Blog•added 2026/01/23 3:29 p.m.•11 views

Wordfence Bug Bounty Program Monthly Report – December 2025

Last month in December 2025, the Wordfence Bug Bounty Program received 759 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfen...

6.8AI score

Exploits0

CNNVD•added 2026/01/23 12:0 a.m.•4 views

WordPress plugin UX Flat security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

6.5CVSS5.7AI score0.00019EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•3 views

WordPress Plugin SiteLock Security Vulnerabilities

4.3CVSS5.8AI score0.00014EPSS

Exploits0References2

CNNVD•added 2026/01/23 12:0 a.m.•3 views

WordPress plugin terms description: Security vulnerabilities

5.9CVSS5.6AI score0.00059EPSS

Exploits0References1

Wordfence Blog•added 2026/01/22 2:50 p.m.•21 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 12, 2026 to January 18, 2026)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

10CVSS8.6AI score0.04525EPSS

Exploits15

CNNVD•added 2026/01/22 12:0 a.m.•3 views

WordPress plugin SearchAzon has a cross-site request forgeing vulnerability.

4.3CVSS5.7AI score0.00026EPSS

Exploits0References1

CNNVD•added 2026/01/22 12:0 a.m.•2 views

WordPress plugin WorkScout-Core has cross-site scripting vulnerabilities

7.1CVSS5.7AI score0.00064EPSS

Exploits0References1

CNNVD•added 2026/01/22 12:0 a.m.•3 views

WordPress plugin North: code-related vulnerabilities

8.8CVSS5.9AI score0.00114EPSS

Exploits0References1

CNNVD•added 2026/01/22 12:0 a.m.•5 views

WordPress plugin Malta security vulnerability

8.1CVSS5.8AI score0.00066EPSS

Exploits0References1

CNNVD•added 2026/01/22 12:0 a.m.•4 views

WordPress plugin Eldon security vulnerability

8.1CVSS5.8AI score0.00066EPSS

Exploits0References1

CNNVD•added 2026/01/22 12:0 a.m.•3 views

WordPress plugin North security vulnerability

8.1CVSS5.8AI score0.00066EPSS

Exploits0References1

CNNVD•added 2026/01/22 12:0 a.m.•3 views

WordPress plugin Overton has a security vulnerability

3.8CVSS5.8AI score0.00042EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:55 a.m.•7 views

CVE-2022-23987

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6AI score0.00206EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:45 a.m.•4 views

CVE-2022-0919

The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number ...

5.3CVSS6.5AI score0.00981EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 8:41 a.m.•5 views

CVE-2022-0215

The Login/Signup Popup, Waitlist Woocommerce Back in stock notifier , and Side Cart Woocommerce Ajax WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the savesettings function found in the /includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it...

8.8CVSS6.7AI score0.00318EPSS

Exploits2References1

Wordfence Blog•added 2026/01/08 6:20 p.m.•23 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 15, 2025 to January 4, 2026)

9.9CVSS8.4AI score0.30797EPSS

Exploits12

RedhatCVE•added 2026/01/07 9:19 a.m.•2 views

CVE-2024-2762

The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...

6.3CVSS5.5AI score0.00306EPSS

Exploits2References1

RedhatCVE•added 2026/01/07 9:19 a.m.•2 views

CVE-2025-12067

The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5AI score0.00027EPSS

Exploits0References1

CVE•added 2026/01/06 8:30 p.m.•11 views

CVE-2025-30631

CVE-2025-30631 is a Reflected XSS in AA-Team Woocommerce Sales Funnel Builder and AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer). Affected: Woocommerce Sales Funnel Builder up to version 1.1; Amazon Affiliates Addon for WPBakery Page Builder up to 1.2. Root c...

7.1CVSS5.2AI score0.00025EPSS

Exploits0References2

CNNVD•added 2026/01/06 12:0 a.m.•3 views

WordPress多款产品代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL bas...

9.9CVSS7.9AI score0.00195EPSS

Exploits0References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by