CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

263192 matches found

Cvelist•added 5 days ago•22 views

CVE-2026-34898 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...

7.5CVSS0.00246EPSS

Exploits0References1

Cvelist•added 5 days ago•25 views

CVE-2026-34900 WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in GiveWP = 4.14.2 versions...

7.1CVSS0.00175EPSS

Exploits0References1

CVE•added 5 days ago•4 views

CVE-2026-34898

The CVE-2026-34898 entry concerns the WordPress plugin “Event Tickets Manager for WooCommerce” (versions <= 1.5.3). It describes Unauthenticated Broken Access Control, with CVSS v3.1 base metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, base score 7.5 (HIGH). The vulnerability impacts integrity (...

7.5CVSS5.1AI score0.00246EPSS

Exploits0References1

CVE•added 5 days ago•9 views

CVE-2026-34900

CVE-2026-34900 concerns the WordPress GiveWP plugin up to version 4.14.2, with an Unauthenticated Reflected Cross Site Scripting (XSS) vulnerability reported. The connected Patchstack entry confirms the affected product and vulnerability type (Reflected XSS) but does not provide specific exploit ...

7.1CVSS5.1AI score0.00175EPSS

Exploits0References1

Cvelist•added 5 days ago•22 views

CVE-2026-34892 WordPress Rank Math SEO plugin <= 1.0.271 - Broken Access Control vulnerability

Subscriber Broken Access Control in Rank Math SEO = 1.0.271 versions...

6.5CVSS0.00271EPSS

Exploits0References1

CVE•added 5 days ago•6 views

CVE-2026-34892

The CVE-2026-34892 entry describes a Broken Access Control vulnerability in the WordPress Rank Math SEO plugin (versions

6.5CVSS5.1AI score0.00271EPSS

Exploits0References1

CVE•added 5 days ago•7 views

CVE-2026-34886

The CVE-2026-34886 entry affects WordPress WordPress Simple Membership plugin versions

7.5CVSS5.1AI score0.00251EPSS

Exploits0References1

Cvelist•added 5 days ago•24 views

CVE-2026-34886 WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

7.5CVSS0.00251EPSS

Exploits0References1

Cvelist•added 5 days ago•22 views

CVE-2026-34891 WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...

7.5CVSS0.00303EPSS

Exploits0References1

Vulnrichment•added 5 days ago•5 views

CVE-2026-34886 WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

7.5CVSS5.2AI score0.00251EPSS

Exploits0References1

CVE•added 5 days ago•9 views

CVE-2026-34891

CVE-2026-34891 concerns the WordPress IDPay Payment Gateway for WooCommerce plugin (

7.5CVSS5.2AI score0.00303EPSS

Exploits0References1

Cvelist•added 5 days ago•24 views

CVE-2026-27407 WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability

Editor Privilege Escalation in AI Engine = 3.4.9 versions...

7.2CVSS0.00503EPSS

Exploits0References1

CVE•added 5 days ago•16 views

CVE-2026-27407

CVE-2026-27407 concerns the WordPress AI Engine plugin, affected versions

7.2CVSS5.2AI score0.00503EPSS

Exploits0References1

CVE•added 5 days ago•9 views

CVE-2026-27089

WPTravelly plugin for WordPress, versions

7.5CVSS5.2AI score0.00267EPSS

Exploits0References1

CVE•added 5 days ago•11 views

CVE-2026-27333

The CVE concerns the WordPress plugin “Paid Videochat Turnkey Site” (versions

8.1CVSS5.2AI score0.00317EPSS

Exploits0References1

Cvelist•added 5 days ago•22 views

CVE-2026-27089 WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in WpTravelly = 2.1.7 versions...

7.5CVSS0.00267EPSS

Exploits0References1

Cvelist•added 5 days ago•26 views

CVE-2026-27333 WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Deserialization of untrusted data vulnerability

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...

8.1CVSS0.00317EPSS

Exploits0References1

CVE•added 5 days ago•15 views

CVE-2026-27053

The CVE concerns WordPress plugin Broadcast Live Video (versions

9.8CVSS5.3AI score0.00386EPSS

Exploits0References1

Cvelist•added 5 days ago•19 views

CVE-2026-27053 WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Broadcast Live Video 7.1.3 versions...

9.8CVSS0.00386EPSS

Exploits0References1

CVE•added 5 days ago•5 views

CVE-2026-25440

The CVE-2026-25440 entry concerns the WordPress plugin “Essential Addons for Elementor” (Lite) versions prior to 6.6.0, which contains an Unauthenticated Broken Access Control vulnerability. The issue is triggered in versions <6.6.0 and can be exploited without authentication, with no user int...

5.3CVSS5.1AI score0.00214EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by