
263207 matches found

Cvelist
added 2026/06/09 11:48 a.m. | 24 views

CVE-2016-20062 Simply Poll 1.4.1 Plugin for WordPress SQL Injection

Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' actio...

CVSS 8.8 | EPSS 0.0027
Exploits: 0 | References: 4

NVD
added 2026/06/09 10:16 a.m. | 11 views

CVE-2026-4058

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel function in all versions up to, and including, 4.3.2. Thi...

CVSS 4.3 | EPSS 0.00165
Exploits: 0 | References: 2

Patchstack
added 2026/06/09 9:59 a.m. | 10 views

WordPress Booking Package plugin <= 1.7.16 - Authenticated (Editor+) Privilege Escalation vulnerability

Authenticated (Editor+) Privilege Escalation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Booking Package versions <= 1.7.16...

CVSS 7.2 | AI score 5.5 | EPSS 0.00348
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/09 9:50 a.m. | 10 views

WordPress Ad Inserter – Ad Manager & AdSense Ads plugin <= 2.8.15 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by darkmode in WordPress Plugin Ad Inserter versions <= 2.8.15...

CVSS 6.1 | AI score 5.4 | EPSS 0.00225
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/09 9:46 a.m. | 11 views

WordPress Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by PeterPatter - - in WordPress Plugin Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More versions <= 1.0.15...

CVSS 7.2 | AI score 5.5 | EPSS 0.00292
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/09 9:39 a.m. | 10 views

WordPress Advanced Google reCAPTCHA plugin <= 5.38 - Authenticated (Subscriber+) Authentication Bypass vulnerability

Authenticated (Subscriber+) Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Advanced Google reCAPTCHA versions <= 5.38...

CVSS 8.8 | AI score 5.5 | EPSS 0.00335
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/06/09 9:28 a.m. | 17 views

CVE-2026-4058

The CVE-2026-4058 entry concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration”. A missing capability check in user_subscription_cancel() across all versions up to 4.3.2 allows authenticated users with Subscriber-level ac...

CVSS 4.3 | AI score 5.5 | EPSS 0.00165
Exploits: 0 | References: 2

EUVD
added 2026/06/09 9:28 a.m. | 9 views

EUVD-2026-35388

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel function in all versions up to, and including, 4.3.2. Thi...

CVSS 4.3 | AI score 5.5 | EPSS 0.00165
Exploits: 0 | References: 2

Vulnrichment
added 2026/06/09 9:28 a.m. | 7 views

CVE-2026-4058 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel function in all versions up to, and including, 4.3.2. Thi...

CVSS 4.3 | AI score 5.5 | EPSS 0.00165
Exploits: 0 | References: 2

Cvelist
added 2026/06/09 9:28 a.m. | 36 views

CVE-2026-4058 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel function in all versions up to, and including, 4.3.2. Thi...

CVSS 4.3 | EPSS 0.00165
Exploits: 0 | References: 2

Patchstack
added 2026/06/09 9:25 a.m. | 6 views

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability

Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability discovered by Mitchell in WordPress Plugin Hippoo Mobile App for WooCommerce versions <= 1.9.4...

CVSS 9.8 | AI score 5.5 | EPSS 0.01791
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/09 9:22 a.m. | 7 views

WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion vulnerability

Unauthenticated Path Traversal to Local File Inclusion vulnerability discovered by Yat in WordPress Plugin WP User Manager versions <= 2.9.17...

CVSS 7.5 | AI score 5.5 | EPSS 0.01862
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/06/09 9:16 a.m. | 8 views

CVE-2026-7542

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions 7.0 to 7.0.10. This is due to three compounding design flaws: 1 the plugin leaks a valid backend AJAX nonce revslideractions to all authenticated users including Subscribers via the adminfoote...

CVSS 6.5 | EPSS 0.00271
Exploits: 0 | References: 2

NVD
added 2026/06/09 9:16 a.m. | 10 views

CVE-2026-11616

The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $POST'type' and $POST'postid' values...

CVSS 8.8 | EPSS 0.00304
Exploits: 0 | References: 4

Patchstack
added 2026/06/09 9:16 a.m. | 6 views

WordPress 6Storage Rentals plugin <= 2.26.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by g0wthr in WordPress Plugin 6Storage Rentals versions <= 2.26.0...

CVSS 7.5 | AI score 5.2 | EPSS 0.00403
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/09 9:11 a.m. | 8 views

WordPress Advanced Google reCAPTCHA plugin <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by h0xilo in WordPress Plugin Advanced Google reCAPTCHA versions <= 5.38...

CVSS 8.8 | AI score 5.5 | EPSS 0.00462
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/09 9:04 a.m. | 10 views

WordPress Events Calendar for GeoDirectory plugin <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by Mitchell in WordPress Plugin Events Calendar for GeoDirectory versions <= 2.3.28...

CVSS 8.8 | AI score 5.4 | EPSS 0.00304
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/09 9:00 a.m. | 9 views

WordPress Recover Exit For WooCommerce plugin <= 1.0.3 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by hacnho - VCCorp in WordPress Plugin Recover Exit For WooCommerce versions <= 1.0.3...

CVSS 8.1 | AI score 5.4 | EPSS 0.00551
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/06/09 8:29 a.m. | 35 views

CVE-2026-8677 Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 6.4 | EPSS 0.00262
Exploits: 0 | References: 16

Vulnrichment
added 2026/06/09 7:49 a.m. | 4 views

CVE-2026-7542 Slider Revolution 7.0 - 7.0.10 - Authenticated (Subscriber+) Sensitive Information Disclosure

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions 7.0 to 7.0.10. This is due to three compounding design flaws: 1 the plugin leaks a valid backend AJAX nonce revslideractions to all authenticated users including Subscribers via the adminfoote...

CVSS 6.5 | AI score 5.3 | EPSS 0.00271
Exploits: 0 | References: 2