CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

120 matches found

NVD•added 2026/02/25 7:16 a.m.•2 views

CVE-2026-1614

The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘logoTag’ Site Identity block attribute in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00043EPSS

Exploits0References2

Vulnrichment•added 2026/02/19 4:36 a.m.•1 views

CVE-2025-13842 Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...

5.3CVSS5.5AI score0.00053EPSS

Exploits0References3

Positive Technologies•added 2026/02/19 12:0 a.m.•3 views

PT-2026-20795

The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.6. This is due to the use of wp kses for output escaping within HTML attribute contexts where esc attr is required. This makes it...

6.4CVSS5.7AI score0.00048EPSS

Exploits0References5

RedhatCVE•added 2026/01/13 10:53 p.m.•1 views

CVE-2025-14506

The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's entranceanimation attribute in all versions up to, and including, 0.0.7. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5AI score0.00055EPSS

Exploits0References1

Cvelist•added 2026/01/10 11:22 a.m.•19 views

CVE-2025-14506 ConvertForce Popup Builder <= 0.0.7 - Stored Cross-Site Scripting via entrance_animation

6.4CVSS0.00055EPSS

Exploits0References4

CVE•added 2026/01/10 11:22 a.m.•10 views

CVE-2025-14506

CVE-2025-14506 affects the WordPress plugin ConvertForce Popup Builder (versions up to 0.0.7). The issue is Stored Cross-Site Scripting via the Gutenberg block’s entrance_animation attribute caused by insufficient input sanitization and output escaping. The vulnerability can be exploited by authe...

6.4CVSS4.7AI score0.00055EPSS

Exploits0References4

Positive Technologies•added 2026/01/10 12:0 a.m.•0 views

PT-2026-1744

Name of the Vulnerable Software and Affected Versions ConvertForce Popup Builder plugin for WordPress versions up to and including 0.0.7 Description The ConvertForce Popup Builder plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from inadequate input sanitizatio...

6.4CVSS5.6AI score0.00055EPSS

Exploits0References10

CNNVD•added 2026/01/10 12:0 a.m.•1 views

WordPress plugin ConvertForce Popup Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.9AI score0.00055EPSS

Exploits0References5

RedhatCVE•added 2026/01/07 9:14 a.m.•4 views

CVE-2024-2794

The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

6.4CVSS7.4AI score0.00256EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-11458

Malware in sbrugna...

8.8CVSS8.6AI score0.0097EPSS

Exploits2References2

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2024-27738