CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The CVE-2026-48836 entry concerns the WordPress Easy Invoice plugin (versions ≤ 2.1.19) with an unauthenticated Remote Code Execution (RCE) vulnerability. According to connected sources, an RCE exists in Easy Invoice up to 2.1.19; the Patchstack listing notes a critical CVSS 3.1 vector (AV:N/AC:L...

10CVSS5.5AI score0.00572EPSS

Exploits0References1

CVE•added 2026/06/15 8:18 p.m.•22 views

CVE-2026-48835

The CVE-2026-48835 entry concerns WordPress WPForms Contact Form plugin (<= 1.10.0.4). The vulnerability is an unauthenticated Broken Access Control in the contact form feature, per Patchstack and CVE metadata. Affected software: WordPress plugin WPForms Lite (Contact Form by WPForms)

7.5CVSS5.1AI score0.00305EPSS

Exploits0References1

CVE•added 2026/06/15 8:18 p.m.•18 views

CVE-2026-45439

CVE-2026-45439 is a reported unauthenticated SQL injection in the WordPress plugin “ Realtyna Organic IDX” (plugin version

9.3CVSS5.7AI score0.00291EPSS

Exploits0References1

Cvelist•added 2026/06/15 8:18 p.m.•25 views

CVE-2026-45439 WordPress Realtyna Organic IDX plugin plugin <= 5.1.0 - SQL Injection vulnerability

Unauthenticated SQL Injection in Realtyna Organic IDX plugin = 5.1.0 versions...

9.3CVSS0.00291EPSS

Exploits0References1

EUVD•added 2026/06/15 8:18 p.m.•6 views

EUVD-2026-36842

Unauthenticated Other Vulnerability Type in WpEvently = 5.3.3 versions...

7.5CVSS5.2AI score0.00259EPSS

Exploits0References1

Cvelist•added 2026/06/15 8:18 p.m.•29 views

CVE-2026-45437 WordPress Product Filter Widget for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...

7.1CVSS0.00175EPSS

Exploits0References1

CVE•added 2026/06/15 8:18 p.m.•16 views

CVE-2026-42775

The CVE-2026-42775 issue affects the WordPress plugin AutomatorWP (versions ≤ 5.7.2). It is an unauthenticated Cross Site Scripting (XSS) vulnerability in AutomatorWP ≤ 5.7.2. The provided data lists a CVSS v3.1 base score of 7.1 (High) with network attack vector, no privileges required, and user...

7.1CVSS5.1AI score0.00175EPSS

Exploits0References1

Vulnrichment•added 2026/06/15 8:18 p.m.•6 views

CVE-2026-42752 WordPress Stripe Payments plugin <= 2.0.98 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

6.5CVSS5.2AI score0.00222EPSS

Exploits0References1

Vulnrichment•added 2026/06/15 8:18 p.m.•9 views

CVE-2026-42775 WordPress AutomatorWP plugin <= 5.7.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.7.2 versions...

7.1CVSS5.1AI score0.00175EPSS

Exploits0References1

Cvelist•added 2026/06/15 8:18 p.m.•26 views

CVE-2026-42743 WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS0.00144EPSS

Exploits0References1

Cvelist•added 2026/06/15 8:18 p.m.•25 views

CVE-2026-42668 WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.18.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend = 1.18.0 versions...

7.5CVSS0.00427EPSS

Exploits0References1

CVE•added 2026/06/15 8:18 p.m.•14 views

CVE-2026-42666

The WordPress Salon Booking System plugin versions

7.5CVSS5.1AI score0.00278EPSS

Exploits0References1

Vulnrichment•added 2026/06/15 8:18 p.m.•6 views

CVE-2026-42666 WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...

7.5CVSS5.1AI score0.00278EPSS

Exploits0References1

Cvelist•added 2026/06/15 8:18 p.m.•27 views

CVE-2026-42664 WordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in AI Product Search for WooCommerce Motive Commerce Search = 1.38.2 versions...

8.2CVSS0.00254EPSS

Exploits0References1

Cvelist•added 2026/06/15 8:18 p.m.•26 views

CVE-2026-42661 WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS0.00371EPSS

Exploits0References1

CVE•added 2026/06/15 8:18 p.m.•9 views

CVE-2026-42659

The CVE concerns WordPress plugin “Advanced Form Integration” (versions

6.5CVSS5.1AI score0.00271EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by