CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

263201 matches found

CVE-2016-20075

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

8.8CVSS0.00327EPSS

Exploits0References3

NVD•added 5 days ago•5 views

CVE-2016-20069

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

8.8CVSS0.0024EPSS

Exploits0References3

NVD•added 5 days ago•6 views

CVE-2016-20067

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

5.3CVSS0.00116EPSS

Exploits0References2

NVD•added 5 days ago•6 views

CVE-2016-20068

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

8.8CVSS0.00302EPSS

Exploits0References3

NVD•added 5 days ago•6 views

CVE-2016-20066

WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary...

7.2CVSS0.00192EPSS

Exploits0References2

Patchstack•added 5 days ago•4 views

WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by VanTastic in WordPress Plugin JetEngine versions = 3.8.10.1...

9.3CVSS5.8AI score0.00291EPSS

Exploits0Affected Software1

Cvelist•added 5 days ago•33 views

CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS0.00196EPSS

Exploits0References1

Vulnrichment•added 5 days ago•4 views

CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

6.5CVSS5.2AI score0.00196EPSS

Exploits0References1

CVE•added 5 days ago•11 views

CVE-2025-64215

CVE-2025-64215 affects WordPress MasterStudy LMS Pro (StylemixThemes) prior to 4.7.16. The issue is a Missing Authorization vulnerability causing Broken Access Control by allowing access to functionality not properly constrained by ACLs. The publicly cited source (Patchstack) lists the vulnerabil...

6.5CVSS5.3AI score0.00196EPSS

Exploits0References1

Vulnrichment•added 5 days ago•5 views

CVE-2026-49064 WordPress GetPaid plugin <= 2.8.49 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49...

7.5CVSS5.2AI score0.00245EPSS

Exploits0References1

Cvelist•added 5 days ago•34 views

CVE-2026-49064 WordPress GetPaid plugin <= 2.8.49 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49...

7.5CVSS0.00245EPSS

Exploits0References1

CVE•added 5 days ago•17 views

CVE-2026-49064

CVE-2026-49064 affects WordPress GetPaid plugin versions

7.5CVSS5.3AI score0.00245EPSS

Exploits0References1

Cvelist•added 5 days ago•35 views

CVE-2026-48969 WordPress Really Simple SSL plugin <= 9.5.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Really Simple SSL = 9.5.9 versions...

6.5CVSS0.00223EPSS

Exploits0References1

CVE•added 5 days ago•14 views

CVE-2026-48969

CVE-2026-48969 describes a Broken Access Control vulnerability in the WordPress plugin Really Simple SSL prior to or equal to version 9.5.9 . The initial description and connected records confirm the affected product and version range; the CVSS metrics indicate a Network attack vector with Low pr...

6.5CVSS5.2AI score0.00223EPSS

In wildExploits0References1

Vulnrichment•added 5 days ago•5 views

CVE-2026-49111 WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS5.2AI score0.00245EPSS

Exploits0References1

Cvelist•added 5 days ago•30 views

CVE-2026-49111 WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS0.00245EPSS

Exploits0References1

CVE•added 5 days ago•14 views

CVE-2026-49111

The CVE covers WordPress Masteriyo LMS plugin versions up to 2.2.0 with an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation. Affected component: Masteriyo LMS plugin. Root cause: incorrect privilege handling within the plugin. Impact: HIGH (CVSS 3.1, base score 8.8; ...

8.8CVSS5.3AI score0.00245EPSS

Exploits0References1

Vulnrichment•added 5 days ago•5 views

CVE-2026-49062 WordPress Faust.js plugin <= 1.8.7 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7...

8.8CVSS5.2AI score0.00299EPSS

Exploits0References1

Cvelist•added 5 days ago•32 views

CVE-2026-49062 WordPress Faust.js plugin <= 1.8.7 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7...

8.8CVSS0.00299EPSS

Exploits0References1

CVE•added 5 days ago•13 views

CVE-2026-49062

CVE-2026-49062 concerns the WordPress plugin Faust.js (faustwp)

8.8CVSS5.3AI score0.00299EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by