CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

304 matches found

CVE-2026-11434

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS

Exploits0References5

ATTACKERKB•added 5 hours ago•5 views

CVE-2026-11434

4.8CVSS3.8AI score

Exploits0References5

EUVD•added 5 hours ago•7 views

EUVD-2026-34969

4.8CVSS3.9AI score

Exploits0References5

CVE•added 5 hours ago•18 views

CVE-2026-11434

CVE-2026-11434 affects FluentCMS 0.0.5, specifically the Blocks Plugin via an unknown function in the /admin/blocks file. The issue allows a cross site scripting (XSS) flaw due to manipulation of that function, with remote initiation possible. Public exploits exist according to the record, and th...

4.8CVSS3.8AI score

Exploits0References5

Cvelist•added 5 hours ago•8 views

CVE-2026-11434 FluentCMS Blocks Plugin blocks cross site scripting

4.8CVSS

Exploits0References5

Positive Technologies•added 20 hours ago•6 views

PT-2026-47156

4.8CVSS3.8AI score

Exploits0References6

RedhatCVE•added yesterday•3 views

CVE-2026-6551

The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.7AI score0.00046EPSS

Exploits0References1

EUVD•added 2026/05/30 9:29 a.m.•8 views

EUVD-2026-33454

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

8.8CVSS6.1AI score0.00077EPSS

Exploits1References6

NVD•added 2026/05/20 2:16 a.m.•10 views

CVE-2026-6394

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS0.001EPSS

Exploits0References7

Positive Technologies•added 2026/05/20 12:0 a.m.•6 views

PT-2026-42060

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the import demo function accepting a user-supplied URL in the demo json file POST parameter and...

5.4CVSS5.9AI score0.001EPSS

Exploits0References9

RedhatCVE•added 2026/05/04 8:21 p.m.•2 views

CVE-2026-6378

The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/maxi-blocks/v1.0/style-card REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the scstyles parameter. This makes it possible...

6.4CVSS6AI score0.00073EPSS

Exploits0References1

NVD•added 2026/05/02 5:16 a.m.•1 views

CVE-2026-4658

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block essential-blocks/add-to-cart in all versions up to, and including, 6.0.4. This...

6.4CVSS0.00027EPSS

Exploits0References10

CVE•added 2026/05/02 4:27 a.m.•7 views

CVE-2026-4658

The CVE-2026-4658 entry concerns the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (Add-to-Cart block). Affected: all versions up to 6.0.4. Root cause: insufficient output escaping in render_callback() where class and data-id attributes are built via raw ...

6.4CVSS6AI score0.00027EPSS

Exploits0References10

NVD•added 2026/05/02 4:16 a.m.•2 views

CVE-2026-6378

6.4CVSS0.00073EPSS

Exploits0References10

EUVD•added 2026/05/02 3:36 a.m.•1 views

EUVD-2026-26728

6.4CVSS6AI score0.00073EPSS

Exploits0References10

Cvelist•added 2026/05/02 3:36 a.m.•23 views

CVE-2026-6378 Maxi Blocks <= 2.1.9 - Authenticated (Author+) Stored Cross-Site Scripting via Style Card REST API

6.4CVSS0.00073EPSS

Exploits0References10

RedhatCVE•added 2026/05/01 8:48 p.m.•3 views

CVE-2026-2892

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...

7.5CVSS5.8AI score0.00081EPSS

Exploits0References1

CVE•added 2026/04/30 1:28 p.m.•4 views

CVE-2026-2892

Summary (CVE-2026-2892): The Otter Blocks WordPress plugin (all versions up to 3.1.4) is vulnerable to a Purchase Verification Bypass. The root cause is the get_customer_data function relying on an unsigned o_stripe_data cookie to determine Stripe product ownership for unauthenticated users, whil...

7.5CVSS5.3AI score0.00081EPSS

Exploits0References5

NVD•added 2026/04/28 6:16 a.m.•1 views

CVE-2026-6551

6.4CVSS0.00046EPSS

Exploits0References7

ATTACKERKB•added 2026/04/22 7:45 a.m.•3 views

CVE-2026-5820

The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...

6.4CVSS5.9AI score0.00012EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by