CWE-86 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9483 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-1280	2 Najeebmedia, Wordpress	2 Frontend File Manager Plugin, Wordpress	2026-01-29	7.5 High
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files via email by supplying a file ID. Since file IDs are sequential integers, attackers can enumerate all uploaded files on the site and exfiltrate sensitive data that was intended to be restricted to administrators only.
CVE-2026-1298	1 Wordpress	1 Wordpress	2026-01-29	5.3 Medium
The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the `image_replacement_from_url` function that is hooked to the `eri_from_url` AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to replace arbitrary image attachments on the site with images from external URLs, potentially enabling site defacement, phishing attacks, or content manipulation.
CVE-2025-54743	2 Mkscripts, Wordpress	2 Download After Email, Wordpress	2026-01-29	5.3 Medium
Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through 2.1.5-2.1.6.
CVE-2025-58877	2 Javothemes, Wordpress	2 Javo Core, Wordpress	2026-01-29	7.5 High
Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.529.
CVE-2025-64352	2 Wordpress, Wpdeveloper	2 Wordpress, Essential Addons For Elementor	2026-01-29	2.7 Low
Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.2.4.
CVE-2025-67958	3 Taxcloud, Woocommerce, Wordpress	3 Taxcloud For Woocommerce, Woocommerce, Wordpress	2026-01-29	6.5 Medium
Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through <= 8.3.8.
CVE-2025-66143	1 Wordpress	1 Wordpress	2026-01-29	5.4 Medium
Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.10.
CVE-2025-66142	2 Merkulove, Wordpress	2 Comparimager For Elementor, Wordpress	2026-01-29	5.4 Medium
Missing Authorization vulnerability in merkulove Comparimager for Elementor comparimager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comparimager for Elementor: from n/a through <= 1.0.1.
CVE-2025-66141	1 Wordpress	1 Wordpress	2026-01-29	5.4 Medium
Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2.
CVE-2025-66139	2 Merkulove, Wordpress	2 Audier For Elementor, Wordpress	2026-01-29	5.4 Medium
Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through <= 1.0.9.
CVE-2025-68911	2 Solacewp, Wordpress	2 Solace, Wordpress	2026-01-29	6.5 Medium
Missing Authorization vulnerability in solacewp Solace solace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Solace: from n/a through <= 2.1.16.
CVE-2025-68019	2 Cleverplugins, Wordpress	2 Seo Booster, Wordpress	2026-01-29	6.5 Medium
Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8.
CVE-2025-67967	2 E-plugins, Wordpress	2 Lawyer Directory, Wordpress	2026-01-29	7.6 High
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.3.
CVE-2025-68009	1 Wordpress	1 Wordpress	2026-01-28	6.5 Medium
Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through <= 1.0.3.
CVE-2025-68007	2 Eventespresso, Wordpress	2 Event Espresso 4 Decaf, Wordpress	2026-01-28	6.5 Medium
Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.37.decaf.
CVE-2025-68039	1 Wordpress	1 Wordpress	2026-01-28	6.5 Medium
Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through <= 2.0.0.
CVE-2025-68020	2 Wanotifier, Wordpress	2 Wanotifier, Wordpress	2026-01-28	6.5 Medium
Missing Authorization vulnerability in WANotifier WANotifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WANotifier: from n/a through <= 2.7.12.
CVE-2025-68013	3 Cardpaysolutions, Woocommerce, Wordpress	3 Payment Gateway Authorize.net Cim For Woocommerce, Woocommerce, Wordpress	2026-01-28	6.5 Medium
Missing Authorization vulnerability in cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Authorize.Net CIM for WooCommerce: from n/a through <= 2.1.2.
CVE-2026-24529	2 Alejandro, Wordpress	2 Quick Restaurant Reservations, Wordpress	2026-01-28	5.3 Medium
Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7.
CVE-2026-22447	1 Wordpress	1 Wordpress	2026-01-28	5.3 Medium
Missing Authorization vulnerability in Select-Themes Prowess prowess allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prowess: from n/a through <= 1.8.1.

« first previous Page 33 of 475. next last »