CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

264077 matches found

Patchstack•added 2026/05/27 1:44 p.m.•9 views

WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gamic versions = 1.15...

8.1CVSS5.8AI score0.00435EPSS

Exploits0Affected Software1

Vulnrichment•added 2026/05/27 1:20 p.m.•11 views

CVE-2026-48972 WordPress SeedProd Pro plugin < 6.19.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects SeedProd Pro: from n/a before 6.19.5...

7.5CVSS5.8AI score0.00309EPSS

Exploits0References1

Cvelist•added 2026/05/27 1:20 p.m.•38 views

CVE-2026-48972 WordPress SeedProd Pro plugin < 6.19.5 - Local File Inclusion vulnerability

7.5CVSS0.00309EPSS

Exploits0References1

CVE•added 2026/05/27 1:20 p.m.•18 views

CVE-2026-48972

SeedProd Pro for WordPress is affected by a Local File Inclusion vulnerability (CVE-2026-48972) due to improper control of filename for include/require in PHP. Affected product/version: SeedProd Pro before 6.19.5. The underlying issue allows PHP Local File Inclusion, as described in multiple sour...

7.5CVSS5.8AI score0.00309EPSS

Exploits0References1

Patchstack•added 2026/05/27 1:18 p.m.•9 views

WordPress SeedProd Pro plugin < 6.19.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SeedProd Pro versions 6.19.5...

7.5CVSS5.8AI score0.00309EPSS

Exploits0Affected Software1

Cvelist•added 2026/05/27 11:53 a.m.•35 views

CVE-2026-48971 WordPress Product Import Export for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...

4.3CVSS0.00231EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 11:53 a.m.•9 views

CVE-2026-48971 WordPress Product Import Export for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

4.3CVSS5.8AI score0.00231EPSS

Exploits0References1

CVE•added 2026/05/27 11:53 a.m.•21 views

CVE-2026-48971

CVE-2026-48971 affects the WordPress plugin WordPress Product Import Export for WooCommerce (WebToffee) up to version 2.5.6. The issue is a Missing Authorization/Broken Access Control vulnerability due to incorrectly configured access control levels, enabling an attacker to exploit over the netwo...

4.3CVSS5.8AI score0.00231EPSS

Exploits0References1

Patchstack•added 2026/05/27 11:52 a.m.•9 views

WordPress Product Import Export for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Product Import Export for WooCommerce versions = 2.5.6...

4.3CVSS5.8AI score0.00231EPSS

Exploits0Affected Software1

NVD•added 2026/05/27 11:16 a.m.•7 views

CVE-2026-3349

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

6.1CVSS0.00256EPSS

Exploits0References3

NVD•added 2026/05/27 11:16 a.m.•11 views

CVE-2026-3348

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS0.00237EPSS

Exploits0References3

NVD•added 2026/05/27 11:16 a.m.•12 views

CVE-2026-42726

Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...

6.5CVSS0.00242EPSS

Exploits0References1

NVD•added 2026/05/27 11:16 a.m.•10 views

CVE-2026-2280

The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS0.0023EPSS

Exploits0References5

NVD•added 2026/05/27 11:16 a.m.•10 views

CVE-2026-2288

The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linktitle' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access...

4.8CVSS0.0023EPSS

Exploits0References5

NVD•added 2026/05/27 11:16 a.m.•11 views

CVE-2025-0898

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on...

6.5CVSS0.00281EPSS

Exploits0References2

Patchstack•added 2026/05/27 10:58 a.m.•12 views

WordPress Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending vulnerability

Missing Authorization to Authenticated Subscriber+ Email Sending vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Everest Forms versions = 3.4.7...

4.3CVSS5.8AI score0.00275EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/27 9:49 a.m.•33 views

CVE-2026-42762 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

7.1CVSS0.00142EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 9:49 a.m.•8 views

CVE-2026-42762 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Cross Site Scripting (XSS) vulnerability

7.1CVSS5.8AI score0.00142EPSS

Exploits0References1

Cvelist•added 2026/05/27 9:49 a.m.•32 views

CVE-2026-42761 WordPress Active Products Tables for WooCommerce plugin <= 1.0.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0...

9.3CVSS0.00229EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 9:49 a.m.•8 views

CVE-2026-42761 WordPress Active Products Tables for WooCommerce plugin <= 1.0.9 - SQL Injection vulnerability

9.3CVSS5.8AI score0.00229EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by