CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

263146 matches found

Cvelist•added 2 days ago•21 views

CVE-2026-52712 WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability

Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...

7.6CVSS0.00235EPSS

Exploits0References1

Cvelist•added 2 days ago•25 views

CVE-2026-52711 WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WooCommerce POS = 1.8.14 versions...

7.5CVSS0.00232EPSS

Exploits0References1

EUVD•added 2 days ago•4 views

EUVD-2026-37047

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...

8.5CVSS5.8AI score0.0027EPSS

Exploits0References1

CVE•added 2 days ago•4 views

CVE-2026-39581

CVE-2026-39581 documents a SQL Injection in the WordPress plugin WP Sessions Time Monitoring Full Automatic for versions

8.5CVSS5.7AI score0.0027EPSS

Exploits0References1

Cvelist•added 2 days ago•24 views

CVE-2026-39581 WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...

8.5CVSS0.0027EPSS

Exploits0References1

Cvelist•added 2 days ago•25 views

CVE-2026-39490 WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in JupiterX Core = 4.14.1 versions...

7.5CVSS0.00305EPSS

Exploits0References1

EUVD•added 2 days ago•4 views

EUVD-2025-210166

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...

7.5CVSS5.2AI score0.00232EPSS

Exploits0References1

Cvelist•added 2 days ago•22 views

CVE-2025-68045 WordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...

7.5CVSS0.00232EPSS

Exploits0References1

CVE•added 2 days ago•5 views

CVE-2025-68045

CVE-2025-68045 concerns the WordPress WP Event Solution plugin, affected versions

7.5CVSS5.1AI score0.00232EPSS

Exploits0References1

Patchstack•added 2 days ago•4 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

8.8CVSS5.8AI score0.00253EPSS

Exploits0References1Affected Software1

Patchstack•added 2 days ago•7 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

8.8CVSS5.8AI score0.00253EPSS

Exploits0References1Affected Software1

Patchstack•added 2 days ago•4 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

8.1CVSS5.2AI score0.00516EPSS

Exploits0References1Affected Software1

NVD•added 2 days ago•8 views

CVE-2026-8444

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

8.8CVSS0.00253EPSS

Exploits0References2

NVD•added 2 days ago•7 views

CVE-2026-10093

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldrttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00235EPSS

Exploits0References9

Cvelist•added 2 days ago•30 views

CVE-2026-10093 File Sharing & Download Manager <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'fldr_ttl' Parameter

6.4CVSS0.00235EPSS

Exploits0References9

Nuclei•added 2 days ago•109 views

Unauthenticated Remote Code Execution – Bricks <= 1.9.6

Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks = 1.9.6 is vulnerable to unauthenticated remote code execution RCE which means that anybod...

10CVSS9.5AI score0.87452EPSS

Exploits16References5

Nuclei•added 2 days ago•11 views

WordPress Sexy Contact Form (<= 0.9.7) - Arbitrary File Upload

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...

9.8CVSS9.1AI score0.91656EPSS

Exploits2References5

Nuclei•added 2 days ago•46 views

WordPress PHPMailer < 5.2.18 - Remote Code Execution

WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property in isMail transport. id: CVE-2016-10033 info: name: WordPress PHPMailer 5.2.18 - Remote...

9.8CVSS8AI score0.99714EPSS

Exploits58References5

Nuclei•added 2 days ago•133 views

GiveWP - PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. id: CVE-2024-5932 info: name: GiveWP - PHP Object Injection author:...

10CVSS8.8AI score0.74427EPSS

Exploits11References7

Nuclei•added 2 days ago•435 views

WordPress Automatic Plugin <= 3.92.0 - SQL Injection

The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append...

9.9CVSS9.1AI score0.93971EPSS

Exploits16References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by