CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1111109 matches found

CVE-2026-7796

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping...

6.4CVSS

Exploits0References12

CVE•added 1 hour ago•3 views

CVE-2026-7796 EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute

6.4CVSS

Exploits0References11

Cvelist•added 1 hour ago•2 views

CVE-2026-7796 EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute

6.4CVSS

Exploits0References11

CVE•added 1 hour ago•3 views

CVE-2026-7795 Click to Chat <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'num' Shortcode Parameter

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS

Exploits0References11

ATTACKERKB•added 1 hour ago•1 views

CVE-2026-7795

6.4CVSS

Exploits0References12

Cvelist•added 1 hour ago•2 views

CVE-2026-9280 Ad Inserter <= 2.8.15 - Reflected Cross-Site Scripting via URL Parameters in iframe Mode

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS

Exploits0References8

ATTACKERKB•added 1 hour ago•1 views

CVE-2026-8991

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dragndroptext' and 'dragndropbrowsetext' Settings in all versions up to, and including, 1.3.9.7 due to insufficient input sanitization and output escaping. This makes i...

4.4CVSS

Exploits0References9

CVE•added 1 hour ago•2 views

CVE-2026-8991 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_text' Settings

4.4CVSS

Exploits0References8

Cvelist•added 1 hour ago•2 views

4.4CVSS

Exploits0References8

NVD•added 1 hour ago•4 views

CVE-2026-9281

The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jtlmacustomjs' Page Setting Custom JS Extension in all versions up to, and including, 3.1.0 due to insufficient input...

6.4CVSS

Exploits0References8

NVD•added 1 hour ago•3 views

CVE-2026-8438

The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the getrestroute function and missing output escaping in the columndefault method of the...

7.2CVSS

Exploits0References10

ATTACKERKB•added 2 hours ago•2 views

CVE-2026-8901

The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This make...

7.2CVSS

Exploits0References11

Cvelist•added 2 hours ago•5 views

CVE-2026-8901 Integration for Freshsales <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Form Submission Data

7.2CVSS

Exploits0References10

ATTACKERKB•added 2 hours ago•1 views

CVE-2026-8438

7.2CVSS

Exploits0References11

CVE•added 2 hours ago•6 views

CVE-2026-8901

CVE-2026-8901 affects the WordPress plugin “Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More.” It is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to 1.0.15, caused by insufficient input sanitization and output escapin...

7.2CVSS5.7AI score

Exploits0References10

ATTACKERKB•added 2 hours ago•1 views

CVE-2026-9281

6.4CVSS

Exploits0References9

CVE•added 2 hours ago•6 views

CVE-2026-9281

The CVE-2026-9281 affects the WordPress plugin Master Addons For Elementor (Widgets/Extensions/Theme Builder/Popup Builder & Template Kits). Vulnerable component: the jtlma_custom_js (Custom JS Extension) page-setting storage, where insufficient input sanitization and output escaping allow a stor...

6.4CVSS5.7AI score

Exploits0References8

RedhatCVE•added 2 hours ago•5 views

CVE-2026-38579

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

5.6AI score

Exploits1References1

RedhatCVE•added 2 hours ago•2 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.4AI score0.00025EPSS

Exploits0References1

RedhatCVE•added 2 hours ago•3 views

CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS5.4AI score0.00031EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by