CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 4 days ago•7 views

CVE-2016-20074

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

5.3CVSS0.00106EPSS

CVE-2016-20076

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...

8.7CVSS0.00601EPSS

NVD•added 4 days ago•8 views

CVE-2016-20071

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8CVSS0.00302EPSS

CVE-2016-20067

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

5.3CVSS0.00116EPSS

NVD•added 4 days ago•5 views

CVE-2016-20069

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

8.8CVSS0.0024EPSS

CVE-2016-20068

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

8.8CVSS0.00302EPSS

CVE-2016-20066

WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary...

7.2CVSS0.00192EPSS

Patchstack•added 4 days ago•4 views

WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by VanTastic in WordPress Plugin JetEngine versions = 3.8.10.1...

9.3CVSS5.8AI score0.00291EPSS

Exploits0Affected Software1

Cvelist•added 4 days ago•33 views

CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS0.00196EPSS

Vulnrichment•added 4 days ago•4 views

CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

6.5CVSS5.2AI score0.00196EPSS

CVE•added 4 days ago•11 views

CVE-2025-64215

CVE-2025-64215 affects WordPress MasterStudy LMS Pro (StylemixThemes) prior to 4.7.16. The issue is a Missing Authorization vulnerability causing Broken Access Control by allowing access to functionality not properly constrained by ACLs. The publicly cited source (Patchstack) lists the vulnerabil...

6.5CVSS5.3AI score0.00196EPSS

Cvelist•added 4 days ago•34 views

CVE-2026-49064 WordPress GetPaid plugin <= 2.8.49 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49...

7.5CVSS0.00245EPSS

Vulnrichment•added 4 days ago•4 views

CVE-2026-49064 WordPress GetPaid plugin <= 2.8.49 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49...

7.5CVSS5.2AI score0.00245EPSS

CVE•added 4 days ago•16 views

CVE-2026-49064

CVE-2026-49064 affects WordPress GetPaid plugin versions

7.5CVSS5.3AI score0.00245EPSS

Cvelist•added 4 days ago•35 views

CVE-2026-48969 WordPress Really Simple SSL plugin <= 9.5.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Really Simple SSL = 9.5.9 versions...

6.5CVSS0.00223EPSS

CVE•added 4 days ago•14 views

CVE-2026-48969

CVE-2026-48969 describes a Broken Access Control vulnerability in the WordPress plugin Really Simple SSL prior to or equal to version 9.5.9 . The initial description and connected records confirm the affected product and version range; the CVSS metrics indicate a Network attack vector with Low pr...

6.5CVSS5.2AI score0.00223EPSS

In wildExploits0References1

Vulnrichment•added 4 days ago•5 views

CVE-2026-49111 WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS5.2AI score0.00245EPSS

Cvelist•added 4 days ago•30 views

CVE-2026-49111 WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS0.00245EPSS