CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

CVE•added yesterday•7 views

CVE-2026-11997

CVE-2026-11997 affects the WordPress plugin Bulk SEO Image

4.3CVSS5.8AI score0.00128EPSS

Exploits0References4

Cvelist•added 2026/05/20 6:46 a.m.•43 views

CVE-2026-6405 Anomify AI <= 0.3.6 - Cross-Site Request Forgery

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...

4.3CVSS0.00168EPSS

Exploits0References7

CVE•added 2026/05/05 2:26 a.m.•11 views

CVE-2026-6701

The WordPress addfreespace plugin (versions ≤ 0.1.3) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation, allowing unauthenticated attackers to modify settings and inject stored scripts via a forged request, by convincing an admin to perform an action. Root cause...

4.3CVSS5.7AI score0.00158EPSS

Exploits0References11

Vulnrichment•added 2026/04/22 7:45 a.m.•2 views

CVE-2026-4121 Kcaptcha <= 1.0.1 - Cross-Site Request Forgery to Settings Update

The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler admin/setting.php. The settings form does not include a wpnoncefield and the form processing code...

4.3CVSS5.7AI score0.00178EPSS

Exploits0References7

Cvelist•added 2026/03/21 3:27 a.m.•30 views

CVE-2026-1278 Mandatory Field <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields

The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS0.00195EPSS

Exploits0References5

Positive Technologies•added 2026/01/24 12:0 a.m.•11 views

PT-2026-4605

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

4.3CVSS5.5AI score0.0016EPSS

Exploits1References5

RedhatCVE•added 2026/01/07 9:19 a.m.•7 views

CVE-2024-2505

The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability...

8.1CVSS6.6AI score0.00635EPSS

Exploits2References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-11628

Malware in sbrugna...

5.4CVSS5.4AI score0.00629EPSS

Exploits2References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-58303