CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1352 matches found

NVD•added 2026/05/27 11:16 a.m.•6 views

CVE-2026-3348

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS0.00035EPSS

Exploits0References3

ATTACKERKB•added 2026/05/27 9:27 a.m.•4 views

CVE-2026-2288

The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linktitle' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access...

4.8CVSS6AI score0.00032EPSS

Exploits0References6

EUVD•added 2026/05/12 12:32 p.m.•5 views

EUVD-2026-29444

The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS6AI score0.0003EPSS

Exploits0References6

NVD•added 2026/05/12 10:16 a.m.•5 views

CVE-2026-6813

4.4CVSS0.0003EPSS

Exploits0References5

NVD•added 2026/04/22 9:16 a.m.•1 views

CVE-2026-2719

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00011EPSS

Exploits0References3

NVD•added 2026/04/22 9:16 a.m.•0 views

CVE-2026-1845

The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

5.5CVSS0.0001EPSS

Exploits0References2

Vulnrichment•added 2026/04/16 5:29 a.m.•1 views

CVE-2026-3551 Custom New User Notification <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'User Mail Subject' Setting

The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on multiple settings fields including 'User Mail...

4.4CVSS5.9AI score0.00029EPSS

Exploits0References17

CNNVD•added 2026/04/16 12:0 a.m.•4 views

WordPress plugin My Calendar 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.8CVSS5.8AI score0.02306EPSS

Exploits0References1

CVE•added 2026/04/14 11:26 p.m.•3 views

CVE-2026-2396

The CVE affects the WordPress List View Google Calendar plugin (

4.4CVSS5.9AI score0.00012EPSS

Exploits0References2

Cvelist•added 2026/04/14 3:37 a.m.•23 views

CVE-2026-4479 WholeSale Products Dynamic Pricing Management WooCommerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS0.00031EPSS

Exploits0References2

EUVD•added 2026/04/14 3:37 a.m.•0 views

EUVD-2026-22219

4.4CVSS5.9AI score0.00031EPSS

Exploits0References2

CNVD•added 2026/04/10 12:0 a.m.•2 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17250)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse has an information leakage vulnerability , the vulnerability stems from the discourse-subscriptions plugin leaks stripe API key...

5.3CVSS5.6AI score0.00048EPSS

Exploits0

RedhatCVE•added 2026/03/26 3:8 p.m.•1 views

CVE-2026-2277

The rexCrawler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' and 'regex' parameters in the search-pattern tester page in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS5.9AI score0.00126EPSS

Exploits0References1

NVD•added 2026/03/21 4:16 a.m.•1 views

CVE-2026-2277

6.1CVSS0.00126EPSS

Exploits0References5

Vulnrichment•added 2026/03/21 3:27 a.m.•0 views

CVE-2026-4161 Review Map by RevuKangaroo <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS5.9AI score0.00057EPSS

Exploits0References13

Positive Technologies•added 2026/03/21 12:0 a.m.•1 views

PT-2026-26854

The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00039EPSS

Exploits0References4

Positive Technologies•added 2026/03/21 12:0 a.m.•0 views

PT-2026-26829

6.1CVSS5.9AI score0.00126EPSS

Exploits0References6

NVD•added 2026/03/20 9:16 a.m.•2 views

CVE-2026-2432

The CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS0.0001EPSS

Exploits0References4

RedhatCVE•added 2026/03/08 1:44 a.m.•3 views

CVE-2026-2722

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS5.9AI score0.00029EPSS

Exploits0References1

EUVD•added 2026/03/07 9:30 a.m.•2 views

EUVD-2026-10123

The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS5.9AI score0.00032EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by