CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/03/28 6:46 a.m.•34 views

CVE-2026-1307 Ninja Forms <= 3.14.1 - Authenticated (Contributor+) Sensitive Information Disclosure via Block Editor Token

The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback function for the adminenqueuescripts action handler in blocks/bootstrap.php. This makes it possible for...

6.5CVSS0.00039EPSS

RedhatCVE•added 2026/02/04 7:28 p.m.•2 views

CVE-2026-24952

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Stored XSS.This issue affects Seriously Simple Podcasting: from n/a through = 3.14.1...

ATTACKERKB•added 2026/02/03 2:8 p.m.•3 views

CVE-2026-24952

5.3AI score0.00045EPSS

Cvelist•added 2026/02/03 2:8 p.m.•26 views

CVE-2026-24952 WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.00045EPSS

Vulnrichment•added 2026/02/03 2:8 p.m.•3 views

CVE-2026-24952 WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Cross Site Scripting (XSS) vulnerability

CVE•added 2026/02/03 2:8 p.m.•7 views

CVE-2026-24952

Summary: CVE-2026-24952 affects the WordPress plugin Seriously Simple Podcasting (≤ 3.14.1). The issue is stored Cross-Site Scripting caused by improper input handling during web page generation. Impact: CVSSv3.1 base score 6.5 (Medium); confidentiality, integrity, and availability are LOW. Root ...

Positive Technologies•added 2026/02/03 12:0 a.m.•1 views

PT-2026-6222

Name of the Vulnerable Software and Affected Versions Seriously Simple Podcasting versions through 3.14.1 Description The software contains a flaw related to improper input handling during web page creation, which allows for Stored Cross-site Scripting XSS. This means malicious scripts can be...

6.5CVSS5.4AI score0.00045EPSS

Patchstack•added 2026/02/02 8:1 a.m.•7 views

WordPress GiveWP - Donation Plugin and Fundraising Platform plugin <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution vulnerability

WordPress GiveWP - Donation Plugin and Fundraising Platform plugin = 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution vulnerability discovered by villu164 in WordPress Plugin GiveWP versions = 3.14.1...

10CVSS8.7AI score0.94173EPSS

Exploits10References1Affected Software1

NVD•added 2026/01/22 5:16 p.m.•3 views

CVE-2026-24360

Server-Side Request Forgery SSRF vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through = 3.14.1...

4.4CVSS0.00042EPSS

Vulnrichment•added 2026/01/22 4:52 p.m.•3 views

CVE-2026-24360 WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Server Side Request Forgery (SSRF) vulnerability

4.4CVSS5.4AI score0.00042EPSS

CVE•added 2026/01/22 4:52 p.m.•3 views

CVE-2026-24360

CVE-2026-24360 is an SSRF vulnerability in the WordPress plugin Seriously Simple Podcasting (formerly named Seriously Simple Podcasting by Craig Hewitt). Public data confirms this affects Seriously Simple Podcasting versions from n/a up to and including 3.14.1. The CVSS v3.1 score is 4.6 (Medium)...

4.4CVSS5.4AI score0.00042EPSS

Positive Technologies•added 2026/01/22 12:0 a.m.•2 views

PT-2026-4255

5.4AI score0.00042EPSS

CNNVD•added 2026/01/22 12:0 a.m.•1 views

WordPress plugin Seriously Simple Podcasting has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

4.4CVSS5.8AI score0.00042EPSS

Tenable Nessus•added 2026/01/16 12:0 a.m.•2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000672)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000672 advisory. Integer overflow in the pinginitsock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service use-after-free an...

6.9CVSS7AI score0.00299EPSS

Exploits7References12

Patchstack•added 2025/12/21 2:9 a.m.•3 views

WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Seriously Simple Podcasting versions = 3.14.1...