CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/27 7:45 a.m.•7 views

EUVD-2026-32114

ATTACKERKB•added 2026/05/27 7:45 a.m.•8 views

CVE-2026-3001

CVE•added 2026/05/27 7:45 a.m.•16 views

Exploits0References4

CVE-2026-3001

The CWE: CVE-2026-3001 affects the Gutenverse WordPress plugin, up to version 3.4.6. The vulnerability is a Reflected Cross-Site Scripting (XSS) in the search title block: render_content() echoes get_query_var('s') directly into HTML without escaping, enabling an attacker to craft a URL that inje...

CNNVD•added 2026/05/27 12:0 a.m.•7 views

WordPress plugin Gutenverse 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.7AI score0.00204EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-43544

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the render content method in class-search-result-title.php outputs the...

RedhatCVE•added 2026/05/06 8:21 p.m.•6 views

Exploits0References4

CVE-2026-2868

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

RedhatCVE•added 2026/05/06 8:21 p.m.•6 views

Exploits0References1

CVE-2026-2948

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the importimages function. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.4CVSS5.9AI score0.00151EPSS

Exploits0References1

NVD•added 2026/05/05 4:16 a.m.•4 views

CVE-2026-2948

6.4CVSS0.00151EPSS

ATTACKERKB•added 2026/05/05 3:37 a.m.•1 views

CVE-2026-2948

6.4CVSS5.9AI score0.00151EPSS

CVE•added 2026/05/05 3:37 a.m.•12 views

CVE-2026-2948

The vulnerability CVE-2026-2948 affects the Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress (versions ≤ 3.5.3). It permits Server-Side Request Forgery via the import_images() function, exploitable by authenticated users with contributor-level access or higher. T...

6.4CVSS5.9AI score0.00151EPSS

EUVD•added 2026/05/05 3:31 a.m.•5 views

EUVD-2026-27171

NVD•added 2026/05/05 3:15 a.m.•6 views

CVE-2026-2868

6.4CVSS0.00152EPSS

ATTACKERKB•added 2026/05/05 2:26 a.m.•3 views

CVE-2026-2868

CVE•added 2026/05/05 2:26 a.m.•9 views

CVE-2026-2868

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress (versions up to 3.5.3) is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-leve...

Cvelist•added 2026/05/05 2:26 a.m.•36 views

CVE-2026-2868 Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'separatorIconSVG'

6.4CVSS0.00152EPSS

CNNVD•added 2026/05/05 12:0 a.m.•7 views

WordPress plugin Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem 代码问题漏洞

6.4CVSS6AI score0.00151EPSS

CNNVD•added 2026/05/05 12:0 a.m.•10 views

WordPress plugin Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem 跨站脚本漏洞

6.4CVSS5.7AI score0.00152EPSS