CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

263170 matches found

Cvelist•added 4 days ago•25 views

CVE-2026-39584 WordPress RepairBuddy plugin <= 4.1132 - Broken Access Control vulnerability

Subscriber Broken Access Control in RepairBuddy = 4.1132 versions...

6.5CVSS0.00326EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-39583 WordPress Datalogics Ecommerce Delivery plugin <= 2.6.62 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery = 2.6.62 versions...

9.8CVSS0.00357EPSS

Exploits0References1

CVE•added 4 days ago•4 views

CVE-2026-39583

The CVE-2026-39583 entry concerns WordPress plugin Datalogics Ecommerce Delivery (versions

9.8CVSS5.2AI score0.00357EPSS

Exploits0References1

CVE•added 4 days ago•7 views

CVE-2026-39584

CVE-2026-39584 documents a Broken Access Control vulnerability in the WordPress RepairBuddy plugin, affecting versions

6.5CVSS5.1AI score0.00326EPSS

Exploits0References1

CVE•added 4 days ago•8 views

CVE-2026-39579

CVE-2026-39579 affects the WordPress plugin B Blocks up to version 2.0.31 . The vulnerability is a privilege escalation in contributor level, with a high impact (CVE metrics: CVSS 3.1 base score 8.8, scope UNCHANGED, confidentiality/integrity/availability all HIGH). Affected component is the plug...

8.8CVSS5.2AI score0.00278EPSS

Exploits0References1

Vulnrichment•added 4 days ago•5 views

CVE-2026-39579 WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability

Contributor Privilege Escalation in B Blocks = 2.0.31 versions...

8.8CVSS5.2AI score0.00278EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-39579 WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability

Contributor Privilege Escalation in B Blocks = 2.0.31 versions...

8.8CVSS0.00278EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-39534 WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WP Directory Kit = 1.5.0 versions...

7.5CVSS0.00306EPSS

Exploits0References1

CVE•added 4 days ago•2 views

CVE-2026-39534

WP Directory Kit plugin for WordPress, versions

7.5CVSS5.1AI score0.00306EPSS

Exploits0References1

CVE•added 4 days ago•2 views

CVE-2026-39540

CVE-2026-39540 concerns WordPress plugin Shipment Tracker for Woocommerce (versions up to and including 1.5.3.2). The vulnerability is a Cross Site Scripting (XSS) issue in subscriber-facing context. Public sources indicate a CVSSv3.1 base score of 6.5 (Medium) with network attack vector, low att...

6.5CVSS5.1AI score0.00205EPSS

Exploits0References1

Cvelist•added 4 days ago•24 views

CVE-2026-39533 WordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in AWP Classifieds = 4.4.4 versions...

7.5CVSS0.00304EPSS

Exploits0References1

CVE•added 4 days ago•7 views

CVE-2026-39533

The CVE-2026-39533 entry concerns the WordPress AWP Classifieds plugin (versions

7.5CVSS5.1AI score0.00304EPSS

Exploits0References1

Cvelist•added 4 days ago•25 views

CVE-2026-39532 WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Events Calendar for GeoDirectory = 2.3.25 versions...

8.8CVSS0.00344EPSS

Exploits0References1

CVE•added 4 days ago•5 views

CVE-2026-39530

CVE-2026-39530 involves the WordPress plugin SpeakOut! Email Petitions, affecting versions

9.3CVSS5.7AI score0.00296EPSS

Exploits0References1

CVE•added 4 days ago•6 views

CVE-2026-39532

The CVE-2026-39532 affects WordPress plugin “Events Calendar for GeoDirectory” up to version 2.3.25, with a PHP Object Injection vulnerability in Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25. The associated CVSS v3.1 score is 8.8 (HIGH), vector: CVSS:3.1/AV:N/...

8.8CVSS5.3AI score0.00344EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-39530 WordPress SpeakOut! Email Petitions plugin <= 4.6.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...

9.3CVSS0.00296EPSS

Exploits0References1

CVE•added 4 days ago•3 views

CVE-2026-39527

The CVE-2026-39527 entry concerns the WordPress WpStream plugin. Affected product: WordPress WpStream plugin versions prior to 4.11.2. Vulnerable component/behavior: Arbitrary File Upload under the Subscriber role, enabling an attacker with low privileges to upload arbitrary files. Root cause: de...

5.4CVSS5.2AI score0.00291EPSS

Exploits0References1

Vulnrichment•added 4 days ago•3 views

CVE-2026-39527 WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WpStream 4.11.2 versions...

5.4CVSS5.2AI score0.00291EPSS

Exploits0References1

Cvelist•added 4 days ago•24 views

CVE-2026-39527 WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WpStream 4.11.2 versions...

5.4CVSS0.00291EPSS

Exploits0References1

CVE•added 4 days ago•2 views

CVE-2026-39525

The CVE-2026-39525 entry documents an unauthenticated broken access control in the WordPress Booking Activities plugin, affected versions ≤ 1.16.48.1. The vulnerability allows unauthenticated actors to access or modify data via the plugin’s functionality (impact per CVSS: Confidentiality: None, I...

6.5CVSS5.1AI score0.00242EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by