CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/12 11:2 a.m.•20 views

CVE-2026-45214

CVE-2026-45214 : SQL injection vulnerability in the WordPress plugin “Xpro Elementor Addons” (xpro-elementor-addons) up to version

ATTACKERKB•added 2026/05/12 11:2 a.m.•9 views

CVE-2026-45214

Vulnrichment•added 2026/05/12 11:2 a.m.•6 views

CVE-2026-45214 WordPress Xpro Elementor Addons plugin <= 1.5.1 - SQL Injection vulnerability

Cvelist•added 2026/05/12 11:2 a.m.•47 views

CVE-2026-45214 WordPress Xpro Elementor Addons plugin <= 1.5.1 - SQL Injection vulnerability

8.5CVSS0.00223EPSS

CNNVD•added 2026/05/12 12:0 a.m.•6 views

WordPress plugin Xpro Elementor Addons SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.5CVSS5.9AI score0.00223EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40014

EUVD•added 2026/05/08 12:31 p.m.•9 views

EUVD-2026-28543

The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sky-custom-scripts custom post type in all versions up to, and including, 3.3.2. This is due to the custom post type being registered with capabilitytype = 'post' and showinrest = true, combined with...

6.4CVSS6AI score0.00244EPSS

Exploits0References8

NVD•added 2026/05/08 10:16 a.m.•8 views

CVE-2026-7475

6.4CVSS0.00244EPSS

Exploits0References7

Cvelist•added 2026/05/08 9:26 a.m.•29 views

CVE-2026-7475 Sky Addons <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Script

6.4CVSS0.00244EPSS

Exploits0References7

ATTACKERKB•added 2026/05/08 9:26 a.m.•4 views

CVE-2026-7475

6.4CVSS6AI score0.00244EPSS

Exploits0References8

Vulnrichment•added 2026/05/08 9:26 a.m.•7 views

CVE-2026-7475 Sky Addons <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Script

6.4CVSS6AI score0.00244EPSS

Exploits0References7

vulnersOsv•added 2026/05/08 12:0 a.m.•4 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +518 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-model (>=1.1.0-M1 <=1.1.5)

org.springframework.ai:spring-ai-model MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =0.8.0, =0.7.0, =0.7.0, =0.8.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-41713 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624613...

8.2CVSS5.4AI score0.00218EPSS

Exploits0

vulnersOsv•added 2026/05/08 12:0 a.m.•4 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +62 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-openai (>=1.1.0-M1 <=1.1.5)

org.springframework.ai:spring-ai-openai MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.6.0, =1.21.2, =1.1.0.0, =1.1.0.0, =1.1.2.3 and more Source cves: CVE-2026-41712 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624639...

7.5CVSS5.4AI score0.0026EPSS

Exploits0

CNNVD•added 2026/05/08 12:0 a.m.•6 views

WordPress plugin Sky Addons 跨站脚本漏洞

6.4CVSS5.9AI score0.00244EPSS

Positive Technologies•added 2026/05/08 12:0 a.m.•6 views

PT-2026-38904

Name of the Vulnerable Software and Affected Versions Sky Addons versions prior to 3.3.3 Description The Sky Addons plugin for WordPress allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts. This occurs because the sky-custom-scripts custom post type i...

6.4CVSS5.9AI score0.00244EPSS

Exploits0References10

vulnersOsv•added 2026/05/08 12:0 a.m.•4 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +288 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-client-chat (>=1.1.0-M1 <=1.1.5)

org.springframework.ai:spring-ai-client-chat MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.6.0, =1.1.0, =1.1.0, =1.1.0, =1.1.4 and more Source cves: CVE-2026-41713 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624614...

8.2CVSS5.4AI score0.00218EPSS

Exploits0

Patchstack•added 2026/05/07 8:49 p.m.•4 views

WordPress Sky Addons – Elementor Addons with Widgets & Templates plugin <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Sky Addons for Elementor versions = 3.3.2...

6.4CVSS5.8AI score0.00244EPSS

Exploits0References1Affected Software1

EUVD•added 2026/05/07 9:31 a.m.•7 views

EUVD-2026-28338

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...

6.5CVSS5.8AI score0.00127EPSS

EUVD•added 2026/05/07 9:31 a.m.•6 views

EUVD-2026-28332

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8...

5.3CVSS5.8AI score0.00262EPSS