Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

263657 matches found

ATTACKERKB
ATTACKERKBadded 2026/06/02 6:30 p.m.12 views

CVE-2026-5076

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.9AI score0.01383EPSS
Exploits3References3
Cvelist
Cvelistadded 2026/06/02 5:28 p.m.32 views

CVE-2026-1829 Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

8.8CVSS0.00682EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/02 5:28 p.m.9 views

EUVD-2026-33993

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

8.8CVSS6.1AI score0.00682EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/06/02 5:28 p.m.6 views

CVE-2026-1829

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

8.8CVSS6.1AI score0.00682EPSS
Exploits0References4
Patchstack
Patchstackadded 2026/06/02 4:51 p.m.26 views

WordPress Sunshine Photo Cart plugin <= 3.6.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Sunshine Photo Cart versions = 3.6.7...

6.3CVSS5.8AI score0.00202EPSS
Exploits0Affected Software1
Wordfence Blog
Wordfence Blogadded 2026/06/02 4:36 p.m.10 views

Attackers Actively Exploiting Critical Vulnerability in Burst Statistics Plugin

On May 13th, 2026, we publicly disclosed a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with 200,000 active installations. This vulnerability can be leveraged by unauthenticated attackers, with knowledge of an administrator username, to impersonate that...

9.8CVSS5.8AI score0.14608EPSS
Exploits10
Vulnrichment
Vulnrichmentadded 2026/06/02 3:7 p.m.10 views

CVE-2026-40780 WordPress BookIt plugin < 2.5.4.1 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References1
CVE
CVEadded 2026/06/02 3:7 p.m.10 views

CVE-2026-40780

CVE-2026-40780 (WordPress BookIt plugin) : Affected product is the BookIt plugin (Liquid Web / StellarWP) for WordPress. The vulnerability is a broken authentication/password-recovery bypass via an alternate path or channel, enabling password recovery exploitation. Affects BookIt versions prior t...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/02 3:7 p.m.37 views

CVE-2026-40780 WordPress BookIt plugin < 2.5.4.1 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...

7.5CVSS0.00267EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/02 2:48 p.m.8 views

CVE-2026-42654 WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...

7.1CVSS5.8AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/02 2:48 p.m.33 views

CVE-2026-42654 WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...

7.1CVSS0.00207EPSS
Exploits0References1
Patchstack
Patchstackadded 2026/06/02 2:40 p.m.7 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Mukhlis Amien in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.6...

8.5CVSS5.9AI score0.00332EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/06/02 2:33 p.m.7 views

WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nvz in WordPress Plugin JS Help Desk versions = 3.0.9...

6.5CVSS5.8AI score0.00235EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/06/02 2:25 p.m.7 views

WordPress JS Help Desk plugin <= 3.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by sequenceX0 in WordPress Plugin JS Help Desk versions = 3.0.9...

9.3CVSS5.9AI score0.00283EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/06/02 2:18 p.m.5 views

WordPress HollerBox plugin <= 2.3.10.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by she11f in WordPress Plugin HollerBox versions = 2.3.10.1...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/06/02 2:15 p.m.6 views

WordPress TrueBooker plugin <= 1.1.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Vincent Sevkli in WordPress Plugin TrueBooker versions = 1.1.9...

9.1CVSS5.8AI score0.00278EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/06/02 2:13 p.m.7 views

WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability

SQL Injection vulnerability discovered by xwii in WordPress Plugin WP Time Slots Booking Form versions = 1.2.50...

8.5CVSS5.9AI score0.00332EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/02 2:3 p.m.9 views

CVE-2026-49782 WordPress Elementor Website Builder plugin <= 4.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...

5.4CVSS5.8AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/02 2:3 p.m.41 views

CVE-2026-49782 WordPress Elementor Website Builder plugin <= 4.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...

5.4CVSS0.00145EPSS
Exploits0References1
CVE
CVEadded 2026/06/02 2:3 p.m.105 views

CVE-2026-49782

CVE-2026-49782 concerns the WordPress Elementor Website Builder plugin (

5.4CVSS5.8AI score0.00145EPSS
Exploits0References1
Rows per page
Query Builder