CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

138 matches found

Packet Storm•added 2026/04/10 12:0 a.m.•101 views

📄 WordPress Contact List 3.0.17 Cross Site Scripting

WordPress Contact List plugin versions 3.0.17 and below suffer from a persistent cross site scripting vulnerability. CVE-2026-3516: Authenticated Stored Cross-Site Scripting XSS in Contact List Plugin Disclaimer: This repository is created for educational purposes and ethical disclosure only. The...

6.4CVSS5.2AI score0.00024EPSS

Exploits1

RedhatCVE•added 2026/03/26 3:12 p.m.•3 views

CVE-2026-3516

The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clmapiframe' parameter in all versions up to, and including, 3.0.18. This is due to insufficient input sanitization and output escaping when handling the Google Maps iframe custom field. The saveCustomFiel...

6.4CVSS6AI score0.00024EPSS

Exploits1References1

EUVD•added 2026/03/21 12:31 a.m.•3 views

EUVD-2026-13922

6.4CVSS6AI score0.00024EPSS

Exploits1References9

NVD•added 2026/03/21 12:16 a.m.•3 views

CVE-2026-3516

6.4CVSS0.00024EPSS

Exploits1References8

CNNVD•added 2026/03/21 12:0 a.m.•5 views

WordPress plugin Contact List 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00024EPSS

Exploits1References8

ATTACKERKB•added 2026/03/20 11:25 p.m.•3 views

CVE-2026-3516

6.4CVSS6AI score0.00024EPSS

Exploits1References9

Vulnrichment•added 2026/03/20 11:25 p.m.•2 views

CVE-2026-3516 Contact List <= 3.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter

6.4CVSS6AI score0.00024EPSS

Exploits1References8

Cvelist•added 2026/03/20 11:25 p.m.•27 views

CVE-2026-3516 Contact List <= 3.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter

6.4CVSS0.00024EPSS

Exploits1References8

Patchstack•added 2026/03/20 9:14 p.m.•5 views

WordPress Contact List plugin <= 3.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'clmapiframe' Parameter vulnerability discovered by Tharadol Suksamran d3kc4rt1 in WordPress Plugin Contact List versions = 3.0.18...

6.4CVSS5.8AI score0.00024EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2026/03/20 12:0 a.m.•2 views

PT-2026-26720

The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' cl map iframe' parameter in all versions up to, and including, 3.0.18. This is due to insufficient input sanitization and output escaping when handling the Google Maps iframe custom field. The...

6.4CVSS6AI score0.00024EPSS

Exploits1References9

Malwarebytes•added 2026/02/27 11:29 a.m.•6 views

Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...

6.3AI score

Exploits0

RedhatCVE•added 2026/01/09 9:5 a.m.•6 views

CVE-2024-34821

Missing Authorization vulnerability in Anssi Laitila Contact List contact-list.This issue affects Contact List: from n/a through = 2.9.87...

5.3CVSS5.9AI score0.00111EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2011-4780

Malware in sbrugna...

5.8CVSS6.4AI score0.00243EPSS

Exploits1References3