WordPress Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by PeterPatter in WordPress Plugin Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More versions <= 1.0.15...
WordPress Advanced Google reCAPTCHA plugin <= 5.38 - Authenticated (Subscriber+) Authentication Bypass vulnerability
Authenticated (Subscriber+) Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc (duc193) in WordPress Plugin Advanced Google reCAPTCHA versions <= 5.38...
CVE-2026-4058
The CVE-2026-4058 entry concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration”. A missing capability check in user_subscription_cancel() across all versions up to 4.3.2 allows authenticated users with Subscriber-level ac...
EUVD-2026-35388
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel function in all versions up to, and including, 4.3.2. Thi...
CVE-2026-4058 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel function in all versions up to, and including, 4.3.2. Thi...
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability
Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability discovered by Mitchell in WordPress Plugin Hippoo Mobile App for WooCommerce versions <= 1.9.4...
WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion vulnerability
Unauthenticated Path Traversal to Local File Inclusion vulnerability discovered by Yat in WordPress Plugin WP User Manager versions <= 2.9.17...
CVE-2026-7542
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions 7.0 to 7.0.10. This is due to three compounding design flaws: (1) the plugin leaks a valid backend AJAX nonce (revslider_actions) to all authenticated users, including Subscribers, via the admin_foote...
CVE-2026-11616
The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $_POST['type'] and $_POST['postid'] values...
WordPress 6Storage Rentals plugin <= 2.26.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by g0wthr in WordPress Plugin 6Storage Rentals versions <= 2.26.0...
WordPress Advanced Google reCAPTCHA plugin <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by h0xilo in WordPress Plugin Advanced Google reCAPTCHA versions <= 5.38...
WordPress Events Calendar for GeoDirectory plugin <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by Mitchell in WordPress Plugin Events Calendar for GeoDirectory versions <= 2.3.28...
WordPress Recover Exit For WooCommerce plugin <= 1.0.3 - Unauthenticated Local File Inclusion vulnerability
Unauthenticated Local File Inclusion vulnerability discovered by hacnho - VCCorp in WordPress Plugin Recover Exit For WooCommerce versions <= 1.0.3...
CVE-2026-8677 Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings
The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-7542 Slider Revolution 7.0 - 7.0.10 - Authenticated (Subscriber+) Sensitive Information Disclosure
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions 7.0 to 7.0.10. This is due to three compounding design flaws: (1) the plugin leaks a valid backend AJAX nonce (revslider_actions) to all authenticated users, including Subscribers, via the admin_foote...
CVE-2026-8599 MailerPress <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Campaign HTML Content Field
The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes...
EUVD-2026-35377
The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes...
CVE-2026-7542
The CVE-2026-7542 issue affects the Slider Revolution WordPress plugin (versions up to 7.0.10). The vulnerability arises from three design flaws that enable Sensitive Information Disclosure: (1) a valid backend AJAX nonce (revslider_actions) is leaked to all authenticated users via the admin_foot...