11 matches found
VulnCheck KEV: CVE-2025-15403
The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'addmenu' function being accessible via the 'rmuserexists' AJAX action and allowing arbitrary updates to the 'adminorder' setting. This makes it possible f...
CVE-2026-4261 Expire Users <= 1.2.2 - Authenticated (Subscriber+) Privilege Escalation to Administrator via save_extra_user_profile_fields
The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'onexpiredefaulttorole' meta through the 'save_extra_user_profile_fields' function. This makes it possible for authenticated...
CVE-2026-1566
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...
EUVD-2025-60972
The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.5. This is due to the plugin not properly handling the user switch back function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to eleva...
EUVD-2025-6717
Malicious code in bioql PyPI...
CVE-2016-11004
The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation...
CVE-2025-3418
CVE-2025-3418 affects WPC Admin Columns for WordPress. The issue is a privilege-escalation via the ajax_edit_save path: authenticated users with Subscriber+ can update their user meta to elevate to administrator, due to insufficient access control on that update. Root cause: missing/weak authoriz...
CVE-2024-12922
CVE-2024-12922 affects the WordPress Altair theme (versions <= 5.2.4). A missing capability check in functions.php allows unauthenticated users to perform an arbitrary options update via pp_import_current, enabling privilege escalation (e.g., changing registration default role to administrator...
CVE-2024-11443 de:branding <= 1.0.2 - Authenticated (Subscriber+) Arbitrary Options Update
The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debrandingsave function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with...
UBUNTU-CVE-2020-28035
WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC...
CVE-2016-10935
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation...