CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

263170 matches found

Cvelist•added 4 days ago•26 views

CVE-2026-39524 WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

7.5CVSS0.00246EPSS

Exploits0References1

CVE•added 4 days ago•6 views

CVE-2026-39524

CVE-2026-39524 affects the WordPress Masteriyo LMS plugin <= 2.1.5. The vulnerability is described as Unauthenticated Broken Access Control, enabling a payment bypass vulnerability without authentication. CVSS 3.1 base score 7.5 (HIGH) with NETWORK attack vector, LOW attack complexity, and no ...

7.5CVSS5.1AI score0.00246EPSS

Exploits0References1

Cvelist•added 4 days ago•22 views

CVE-2026-39525 WordPress Booking Activities plugin <= 1.16.48.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Booking Activities = 1.16.48.1 versions...

6.5CVSS0.00242EPSS

Exploits0References1

CVE•added 4 days ago•4 views

CVE-2026-39519

CVE-2026-39519 affects the WordPress plugin GeekyBot (versions <= 1.2.0). The vulnerability is an unauthenticated SQL Injection in GeekyBot

9.3CVSS5.7AI score0.00283EPSS

Exploits0References1

Cvelist•added 4 days ago•22 views

CVE-2026-39519 WordPress GeekyBot plugin <= 1.2.0 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeekyBot = 1.2.0 versions...

9.3CVSS0.00283EPSS

Exploits0References1

Cvelist•added 4 days ago•27 views

CVE-2026-39518 WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...

7.1CVSS0.00278EPSS

Exploits0References1

CVE•added 4 days ago•2 views

CVE-2026-39515

The WordPress Motors plugin for WordPress, versions prior to 1.4.107, contains a Broken Access Control vulnerability that involves the Subscriber role. The issue enables unauthorized actions due to access control weaknesses in Motors

6.5CVSS5.1AI score0.00352EPSS

Exploits0References1

CVE•added 4 days ago•7 views

CVE-2026-39518

The CVE pertains to WordPress EventPrime plugin versions

7.1CVSS5.2AI score0.00278EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-39515 WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability

Subscriber Broken Access Control in Motors 1.4.107 versions...

6.5CVSS0.00352EPSS

Exploits0References1

Vulnrichment•added 4 days ago•5 views

CVE-2026-39514 WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...

7.1CVSS5.2AI score0.00175EPSS

Exploits0References1

CVE•added 4 days ago•4 views

CVE-2026-39514

The CVE describes an unauthenticated Reflected Cross Site Scripting (XSS) vulnerability in the WordPress plugin Paid Member Subscriptions (versions up to 2.17.3 ). The issue is triggered via reflected input, affecting the plugin’s handling of user-supplied data and potentially enabling code execu...

7.1CVSS5.1AI score0.00175EPSS

Exploits0References1

Cvelist•added 4 days ago•23 views

CVE-2026-39514 WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...

7.1CVSS0.00175EPSS

Exploits0References1

Cvelist•added 4 days ago•22 views

CVE-2026-39512 WordPress GeoDirectory plugin <= 2.8.152 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...

9.3CVSS0.00283EPSS

Exploits0References1

Cvelist•added 4 days ago•24 views

CVE-2026-39513 WordPress Easy Appointments plugin <= 3.12.21 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...

7.5CVSS0.00287EPSS

Exploits0References1

CVE•added 4 days ago•5 views

CVE-2026-39512

WordPress GeoDirectory plugin ≤ 2.8.152 contains an Unauthenticated SQL Injection vulnerability. Affects that plugin version, enabling network-based attacks with no authentication; CVSSv3.1 base score 9.3 (CRITICAL) with high confidentiality impact and low availability impact. Connected sources p...

9.3CVSS5.7AI score0.00283EPSS

Exploits0References1

CVE•added 4 days ago•6 views

CVE-2026-39513

CVE-2026-39513 affects the WordPress Easy Appointments plugin for versions up to 3.12.21, with an Unauthenticated Broken Access Control vulnerability. The connected documents confirm the affected product, version range, and vulnerability type but do not provide exploitation details, confirmed roo...

7.5CVSS5.1AI score0.00287EPSS

Exploits0References1

CVE•added 4 days ago•8 views

CVE-2026-39511

CVE-2026-39511 affects the WordPress plugin WP Photo Album Plus

9.3CVSS5.7AI score0.00295EPSS

Exploits0References1

Cvelist•added 4 days ago•24 views

CVE-2026-39511 WordPress WP Photo Album Plus plugin <= 9.1.08.001 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...

9.3CVSS0.00295EPSS

Exploits0References1

CVE•added 4 days ago•5 views

CVE-2026-39507

The CVE-2026-39507 entry refers to the WordPress Social Slider Feed plugin, affected in versions <= 2.3.2, with an unauthenticated Cross Site Scripting (XSS) vulnerability. The issue is described as unauthenticated XSS in Social Slider Feed

7.1CVSS5.1AI score0.00175EPSS

Exploits0References1

CVE•added 4 days ago•4 views

CVE-2026-39503

CVE-2026-39503 affects the WordPress plugin Easy Digital Downloads (versions

7.5CVSS5.1AI score0.00246EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by