CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

263149 matches found

CVE•added 4 days ago•13 views

CVE-2026-40776

CVE-2026-40776 affects the WP Event Solution (Eventin) plugin up to version 4.1.8, where unauthenticated requests can trigger Broken Access Control. The root cause involves three permission checks that accept a wp_rest nonce as authentication, plus an IDOR-prone Order endpoint and an open seat-bo...

7.5CVSS5.1AI score0.00414EPSS

Exploits2References1

Cvelist•added 4 days ago•26 views

CVE-2026-40776 WordPress Eventin plugin <= 4.1.8 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.8 versions...

7.5CVSS0.00414EPSS

Exploits2References1

Cvelist•added 4 days ago•22 views

CVE-2026-40774 WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...

7.5CVSS0.00238EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-40775 WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Royal MCP = 1.4.2 versions...

7.3CVSS0.00219EPSS

Exploits0References1

Vulnrichment•added 4 days ago•4 views

CVE-2026-40774 WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...

7.5CVSS5.2AI score0.00238EPSS

Exploits0References1

CVE•added 4 days ago•9 views

CVE-2026-40775

WordPress plugin Royal MCP (for the WordPress ecosystem) is affected up to version 1.4.2. The CVE describes an Unauthenticated Broken Access Control vulnerability, i.e., an attacker without credentials can access restricted functionality. The CVSS metrics (CVSS:3.1, AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:...

7.3CVSS5.1AI score0.00219EPSS

Exploits0References1

CVE•added 4 days ago•5 views

CVE-2026-40774

CVE-2026-40774 concerns the WordPress Booking Package plugin (versions

7.5CVSS5.1AI score0.00238EPSS

Exploits0References1

Cvelist•added 4 days ago•25 views

CVE-2026-40773 WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress = 4.7.9 versions...

6.5CVSS0.00279EPSS

Exploits0References1

CVE•added 4 days ago•6 views

CVE-2026-40773

The CVE covers WordPress plugin rtMedia for WordPress, BuddyPress and bbPress, vulnerable in versions

6.5CVSS5.1AI score0.00279EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-40771 WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

9.3CVSS0.00283EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-40772 WordPress GeekyBot plugin <= 1.2.2 - Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...

10CVSS0.00347EPSS

Exploits0References1

CVE•added 4 days ago•7 views

CVE-2026-40771

CVE-2026-40771 affects the WordPress Contest Gallery plugin and is an unauthenticated SQL Injection vulnerability in versions

9.3CVSS5.7AI score0.00283EPSS

Exploits0References1

CVE•added 4 days ago•8 views

CVE-2026-40772

CVE-2026-40772 pertains to the WordPress plugin GeekyBot (versions

10CVSS5.2AI score0.00347EPSS

Exploits0References1

Cvelist•added 4 days ago•25 views

CVE-2026-40770 WordPress Coupon Affiliates plugin <= 7.5.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Coupon Affiliates = 7.5.3 versions...

7.1CVSS0.00175EPSS

Exploits0References1

CVE•added 4 days ago•9 views

CVE-2026-40770

CVE-2026-40770 concerns the WordPress plugin Coupon Affiliates (versions

7.1CVSS5.1AI score0.00175EPSS

Exploits0References1

Vulnrichment•added 4 days ago•4 views

CVE-2026-40767 WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

7.5CVSS5.2AI score0.00287EPSS

Exploits0References1

Cvelist•added 4 days ago•24 views

CVE-2026-40769 WordPress Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field plugin <= 1.0.6 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

8.6CVSS0.00442EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-40767 WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

7.5CVSS0.00287EPSS

Exploits0References1

CVE•added 4 days ago•6 views

CVE-2026-40767

The CVE concerns WordPress wpForo Forum plugin, affected versions before 3.0.2, showing Unauthenticated Broken Access Control. The description indicates unauthenticated access via a network vector with no user interaction, affecting confidentiality (high) while other impacts are not noted. CVSSv3...

7.5CVSS5.1AI score0.00287EPSS

Exploits0References1

CVE•added 4 days ago•6 views

CVE-2026-40769

The CVE-2026-40769 entry concerns the WordPress plugin “Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field” (versions

8.6CVSS5.3AI score0.00442EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by