CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

94 matches found

The Hacker News•added 2026/05/23 9:51 a.m.•17 views

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses...

6AI score

Exploits0

RedhatCVE•added 2026/04/20 7:23 p.m.•3 views

CVE-2026-6048

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL customattributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses eschtml ...

6.4CVSS5.9AI score0.00014EPSS

Exploits0References1

Patchstack•added 2026/04/19 11:22 p.m.•5 views

WordPress Flipbox Addon for Elementor plugin <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Custom Attributes vulnerability discovered by WordFence in WordPress Plugin Ultimate Flipbox Addon for Elementor versions = 2.0.8...

6.4CVSS5.8AI score0.00014EPSS

Exploits0References1Affected Software1

NVD•added 2026/04/18 5:16 a.m.•2 views

CVE-2026-6048

6.4CVSS0.00014EPSS

Exploits0References5

CVE•added 2026/04/18 3:37 a.m.•12 views

CVE-2026-6048

The Flipbox Addon for Elementor (WordPress) contains a Stored Cross-Site Scripting (XSS) vulnerability in the Flipbox widget button URL parameter custom_attributes. In versions up to 2.1.1, it validates attribute names with esc_html(), which does not block event handler attributes (e.g., onmouseo...

6.4CVSS5.9AI score0.00014EPSS

Exploits0References5

ATTACKERKB•added 2026/04/18 3:37 a.m.•3 views

CVE-2026-6048

6.4CVSS5.9AI score0.00014EPSS

Exploits0References6

EUVD•added 2026/04/18 3:37 a.m.•2 views

EUVD-2026-23652

6.4CVSS5.9AI score0.00014EPSS

Exploits0References5

Vulnrichment•added 2026/04/18 3:37 a.m.•2 views

CVE-2026-6048 Flipbox Addon for Elementor <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes

6.4CVSS5.9AI score0.00014EPSS

Exploits0References5

Cvelist•added 2026/04/18 3:37 a.m.•22 views

CVE-2026-6048 Flipbox Addon for Elementor <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes

6.4CVSS0.00014EPSS

Exploits0References5

Positive Technologies•added 2026/04/18 12:0 a.m.•3 views

PT-2026-33589

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL custom attributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses esc htm...

6.4CVSS5.9AI score0.00014EPSS

Exploits0References6

CNNVD•added 2026/04/18 12:0 a.m.•4 views

WordPress plugin Flipbox Addon for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.9AI score0.00014EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 9:6 a.m.•5 views

CVE-2024-34572

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemePrix Fancy Elementor Flipbox fancy-elementor-flipbox allows Stored XSS.This issue affects Fancy Elementor Flipbox: from n/a through 2.4.2...

6.5CVSS5.2AI score0.00242EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2018-7670

Malware in sbrugna...

7.5CVSS7.6AI score0.00999EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-26930