CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

263151 matches found

CVE•added 4 days ago•6 views

CVE-2026-40767

The CVE concerns WordPress wpForo Forum plugin, affected versions before 3.0.2, showing Unauthenticated Broken Access Control. The description indicates unauthenticated access via a network vector with no user interaction, affecting confidentiality (high) while other impacts are not noted. CVSSv3...

7.5CVSS5.1AI score0.00287EPSS

Exploits0References1

CVE•added 4 days ago•6 views

CVE-2026-40769

The CVE-2026-40769 entry concerns the WordPress plugin “Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field” (versions

8.6CVSS5.3AI score0.00442EPSS

Exploits0References1

Cvelist•added 4 days ago•24 views

CVE-2026-40766 WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

8.5CVSS0.00332EPSS

Exploits0References1

CVE•added 4 days ago•8 views

CVE-2026-40766

CVE-2026-40766 concerns the WordPress MasterStudy LMS plugin (versions

8.5CVSS5.7AI score0.00332EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-40743 WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Tutor LMS = 3.9.7 versions...

6.5CVSS0.00252EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-40762 WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...

7.5CVSS0.00251EPSS

Exploits0References1

CVE•added 4 days ago•9 views

CVE-2026-40762

The WPGraphQL WordPress plugin is affected by an unauthenticated SQL Injection in versions earlier than 2.11.1. The issue originates in WPGraphQL

7.5CVSS5.7AI score0.00251EPSS

Exploits0References1

CVE•added 4 days ago•5 views

CVE-2026-40743

CVE-2026-40743 corresponds to an Unauthenticated Broken Access Control in the WordPress Tutor LMS plugin, versions

6.5CVSS5.1AI score0.00252EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-40741 WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...

7.5CVSS0.00246EPSS

Exploits0References1

CVE•added 4 days ago•6 views

CVE-2026-40741

CVE-2026-40741 affects the WordPress plugin Redsys for WooCommerce Light up to version 7.0.0, exposing an unauthenticated broken access control vulnerability. The CVE entry notes unauthenticated access with high impact on integrity (CVSSv3.1: 7.5, I: High; A: None; C: None; V: Network, PR: None, ...

7.5CVSS5.1AI score0.00246EPSS

Exploits0References1

Cvelist•added 4 days ago•25 views

CVE-2026-40727 WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability

Sales Representative Arbitrary File Deletion in Groundhogg = 4.4 versions...

7.7CVSS0.00342EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-40732 WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...

7.1CVSS0.00175EPSS

Exploits0References1

Vulnrichment•added 4 days ago•5 views

CVE-2026-40727 WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability

Sales Representative Arbitrary File Deletion in Groundhogg = 4.4 versions...

7.7CVSS5.2AI score0.00342EPSS

Exploits0References1

CVE•added 4 days ago•9 views

CVE-2026-40732

CVE-2026-40732 affects the WordPress plugin Notification for Telegram (versions ≤ 3.5). The issue is an unauthenticated Cross Site Scripting (XSS) vulnerability, with the root cause not explicitly described in the provided documents. The Patchstack entry assigns a CVSS v3.1 base score of 7.1 (HIG...

7.1CVSS5.1AI score0.00175EPSS

Exploits0References1

CVE•added 4 days ago•8 views

CVE-2026-40727

The CVE covers WordPress Groundhogg plugin versions ≤ 4.4, vulnerable to Arbitrary File Deletion in the Sales Representative component. The root cause details are not fully provided, but the CVSSv3.1 score is 7.7 (HIGH) with Network attack vector, low attack complexity, privilege requirement, and...

7.7CVSS5.2AI score0.00342EPSS

Exploits0References1

Cvelist•added 4 days ago•24 views

CVE-2026-39594 WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability

Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...

6.4CVSS0.00287EPSS

Exploits0References1

CVE•added 4 days ago•7 views

CVE-2026-39594

CVE-2026-39594 affects the WordPress plugin Ultra Addons for WPForms (versions

6.4CVSS5.1AI score0.00287EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-39587 WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...

8.1CVSS0.00283EPSS

Exploits0References1

Cvelist•added 4 days ago•24 views

CVE-2026-39591 WordPress WP-BusinessDirectory plugin <= 4.0.0 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...

9.9CVSS0.00465EPSS

Exploits0References1

CVE•added 4 days ago•6 views

CVE-2026-39591

The CVE-2026-39591 entry concerns the WordPress WP-BusinessDirectory plugin up to version 4.0.0, where a Subscriber Arbitrary File Upload vulnerability is reported. Connected sources confirm the affected product and vulnerability class but do not provide exploit details or mitigation steps beyond...

9.9CVSS5.2AI score0.00465EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by