CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Name of the Vulnerable Software and Affected Versions WP Meta Sort Posts versions prior to 1.0 Description The WP Meta Sort Posts plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a type of attack where an unauthorized user tricks a victim into performing actions they did not...

4.3CVSS5.2AI score0.00128EPSS

Exploits0References10

CNNVD•added 2026/06/04 12:0 a.m.•3 views

WordPress plugin Google Review Slider SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS5.8AI score0.00262EPSS

Exploits0References3

CNNVD•added 2026/06/04 12:0 a.m.•4 views

WordPress plugin Soliloquy Lite 跨站脚本漏洞

5.4CVSS5.2AI score0.00171EPSS

Exploits0References4

CNNVD•added 2026/06/04 12:0 a.m.•4 views

wordpress plugin Contact Form 路径遍历漏洞

5.1CVSS5.4AI score0.00887EPSS

Exploits0References4

CNNVD•added 2026/06/04 12:0 a.m.•4 views

WordPress plugin Zoner Real Estate 跨站脚本漏洞

5.4CVSS5.2AI score0.00171EPSS

Exploits0References4

CNNVD•added 2026/06/04 12:0 a.m.•4 views

WordPress plugin Live Chat Unlimited 跨站脚本漏洞

6.1CVSS5.2AI score0.00211EPSS

Exploits0References4

CNNVD•added 2026/06/04 12:0 a.m.•5 views

WordPress plugin Hybrid Composer 访问控制错误漏洞

9.8CVSS5.4AI score0.00347EPSS

Exploits0References5

Positive Technologies•added 2026/06/04 12:0 a.m.•15 views

PT-2026-46333

Unauthenticated Local File Inclusion in Iona = 1.0.8 versions...

8.1CVSS5.2AI score0.00435EPSS

Exploits0References3

Positive Technologies•added 2026/06/04 12:0 a.m.•9 views

PT-2026-46343

Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...

9.8CVSS5.3AI score0.00386EPSS

Exploits0References2

Positive Technologies•added 2026/06/04 12:0 a.m.•13 views

PT-2026-46129

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS5.9AI score0.00217EPSS

Exploits0References3

VulnCheck KEV•added 2026/06/04 12:0 a.m.•11 views

VulnCheck KEV: CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.7AI score0.01383EPSS

In wildExploits1References2

CNNVD•added 2026/06/04 12:0 a.m.•6 views

WordPress plugin eMember 安全漏洞

5.3CVSS5.5AI score0.00192EPSS

Exploits0References1

CNNVD•added 2026/06/04 12:0 a.m.•4 views

WordPress plugin SP Project & Document Manager 安全漏洞

7.5CVSS5.5AI score0.003EPSS

Exploits0References4

CNNVD•added 2026/06/04 12:0 a.m.•5 views

WordPress plugin Photo Gallery by 10Web SQL注入漏洞