CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2 days ago•3 views

CVE-2025-5085

5.5CVSS6AI score0.00028EPSS

Exploits0References5

Positive Technologies•added 2 days ago•5 views

PT-2026-45698

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS6AI score0.00028EPSS

Exploits0References5

ATTACKERKB•added 2026/05/27 9:27 a.m.•7 views

CVE-2026-3348

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS6AI score0.00035EPSS

CVE•added 2026/05/27 9:27 a.m.•9 views

CVE-2026-3348

Summary: CVE-2026-3348 affects the MinhNhut Link Gateway WordPress plugin up to version 3.6.1. The issue is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping in plugin settings (Description, Title, and other fields). Exploitation requires authenticat...

4.4CVSS6AI score0.00035EPSS

EUVD•added 2026/05/27 9:27 a.m.•6 views

EUVD-2026-32174

4.4CVSS6AI score0.00035EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-43633

The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS6AI score0.00025EPSS

ATTACKERKB•added 2026/05/13 4:26 a.m.•4 views

CVE-2025-9989

The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS6AI score0.00029EPSS

ATTACKERKB•added 2026/05/12 9:29 a.m.•1 views

CVE-2026-6813

The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS6AI score0.0003EPSS

ATTACKERKB•added 2026/05/12 9:29 a.m.•3 views

CVE-2026-6800

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS6AI score0.0003EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40002

4.4CVSS6AI score0.0003EPSS

NVD•added 2026/05/02 6:16 a.m.•3 views

CVE-2026-6447

The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00011EPSS

Vulnrichment•added 2026/05/02 5:29 a.m.•3 views

CVE-2026-6447 Call for Price for WooCommerce <= 4.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Call for Price' Label Settings

4.4CVSS6AI score0.00011EPSS

CVE•added 2026/05/02 5:29 a.m.•5 views

CVE-2026-6447

The CVE-2026-6447 entry describes a Stored Cross-Site Scripting vulnerability in the Call for Price for WooCommerce plugin for WordPress, affecting all versions up to and including 4.2.0. The root cause is insufficient input sanitization and output escaping in admin settings, allowing authenticat...

4.4CVSS6AI score0.00011EPSS

ATTACKERKB•added 2026/05/02 5:29 a.m.•1 views

CVE-2026-6447

4.4CVSS6AI score0.00011EPSS

Exploits0References7

NVD•added 2026/04/22 9:16 a.m.•1 views

CVE-2026-2714

The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00011EPSS

ATTACKERKB•added 2026/04/22 7:45 a.m.•0 views

CVE-2026-2719

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00011EPSS

Cvelist•added 2026/04/22 7:45 a.m.•21 views

CVE-2026-2714 Institute Management <= 5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Enquiry Form Title' Setting

4.4CVSS0.00011EPSS

ATTACKERKB•added 2026/04/22 7:45 a.m.•1 views

CVE-2026-2714

4.4CVSS5.8AI score0.00011EPSS

CVE•added 2026/04/22 7:45 a.m.•3 views

CVE-2026-2714

CVE-2026-2714 affects the Institute Management plugin for WordPress (up to version 5.5). The vulnerability is a stored cross-site scripting issue in the Enquiry Form Title setting caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at Administ...

4.4CVSS5.8AI score0.00011EPSS