CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20675 matches found

EUVD•added yesterday•3 views

EUVD-2026-36923

Unauthenticated Cross Site Scripting XSS in WooCommerce Product Table Lite = 4.6.3 versions...

7.1CVSS5.1AI score

Exploits0References2

CVE•added yesterday•6 views

CVE-2026-49773

CVE-2026-49773 refers to a Cross Site Scripting (XSS) vulnerability in WordPress FV Flowplayer Video Player plugin versions earlier than 7.5.51.7212. The vulnerability is described as a Subscriber XSS issue; CVSS v3.1 base score is 6.5 (MEDIUM) with network attack vector, required user interactio...

6.5CVSS5.1AI score

Exploits0References1

EUVD•added yesterday•3 views

EUVD-2026-36865

Unauthenticated Cross Site Scripting XSS in Funnel Builder by FunnelKit = 3.15.0.2 versions...

7.1CVSS5.1AI score

Exploits0References1

EUVD•added yesterday•2 views

EUVD-2026-36859

Unauthenticated Cross Site Scripting XSS in HollerBox = 2.3.10.1 versions...

7.1CVSS5.1AI score

Exploits0References1

CVE•added yesterday•8 views

CVE-2026-48885

CVE-2026-48885 concerns a Cross-Site Scripting (XSS) vulnerability in the WordPress HollerBox plugin for versions ≤ 2.3.10.1. The issue is described as unauthenticated XSS. The PatchStack entry assigns a CVSS v3.1 base score of 7.1 (HIGH), with network attack vector, no privileges required, user ...

7.1CVSS5.1AI score

Exploits0References1

CVE•added yesterday•7 views

CVE-2026-45437

The CVE-2026-45437 entry concerns the WordPress Product Filter Widget for Elementor plugin (versions

7.1CVSS5.1AI score

Exploits0References1

Cvelist•added yesterday•12 views

CVE-2026-45437 WordPress Product Filter Widget for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...

7.1CVSS

Exploits0References1

EUVD•added yesterday•4 views

EUVD-2026-36836

Subscriber Cross Site Scripting XSS in Modula Image Gallery = 2.14.23 versions...

6.5CVSS5.1AI score

Exploits0References1

CVE•added yesterday•3 views

CVE-2026-42663

CVE-2026-42663 affects WordPress plug‑in Simple Membership (versions ≤ 4.7.2). Unauthenticated Cross Site Scripting (XSS) vulnerability reported. Connected sources confirm the impact type but do not provide concrete exploit details, affected files, root cause, or remediation steps within the supp...

6.5CVSS5.1AI score

Exploits0References1

CVE•added yesterday•6 views

CVE-2026-42650

The CVE-2026-42650 entry concerns the WordPress AutomatorWP plugin (versions

7.2CVSS5.1AI score

Exploits0References1

CVE•added yesterday•4 views

CVE-2026-41556

CVE-2026-41556 concerns the WordPress ProfilePress plugin (versions <= 4.16.13) with a Cross Site Scripting (XSS) vulnerability. According to the CVE record, the issue affects ProfilePress

6.5CVSS5.1AI score

Exploits0References1

CVE•added yesterday•3 views

CVE-2026-40791

CVE-2026-40791 affects the WordPress plugin WP Time Slots Booking Form (versions

7.1CVSS5.1AI score

Exploits0References1

Cvelist•added yesterday•12 views

CVE-2026-40791 WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...

7.1CVSS

Exploits0References1

CVE•added yesterday•4 views

CVE-2026-39463

CVE-2026-39463 affects the WordPress plugin ManageWP Worker (versions

7.1CVSS5.1AI score

Exploits0References1

CVE•added yesterday•13 views

CVE-2026-23970

The CVE covers WordPress plugin Redirection for Contact Form 7 (versions

7.1CVSS5.1AI score

Exploits0References1

CVE•added yesterday•4 views

CVE-2026-49294

Valhalla (open source routing engine) versions ≤ 3.6.3 are affected by a reflected XSS in the JSONP callback parameter. The input is reflected into the JavaScript response without validation or encoding, enabling an attacker to craft a URL whose callback contains arbitrary JavaScript. If a victim...

6.1CVSS5.1AI score

Exploits0References1

NVD•added yesterday•6 views

CVE-2025-15658

Administrator Cross Site Scripting XSS in WP Emmet = 0.3.4 versions...

5.9CVSS

Exploits0References1

CVE•added yesterday•4 views

CVE-2025-15658

The CVE describes an Administrator-XSS vulnerability in the WordPress WP Emmet plugin versions

5.9CVSS5.1AI score

Exploits0References1

Cvelist•added yesterday•19 views

CVE-2016-20070 WordPress Booking Calendar Contact Form 1.0.23 Privilege Escalation Stored XSS

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with...

6.4CVSS

Exploits0References3

CVE•added yesterday•5 views

CVE-2016-20066

WordPress CP Polls 1.0.8 is affected by a persistent cross-site scripting (XSS) vulnerability via unsanitized file upload functionality. Attackers can upload files containing script payloads (e.g., onerror handlers) to execute arbitrary JavaScript in the browsers of users viewing the affected con...

7.2CVSS5.4AI score

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by