233 matches found
CVE-2025-5085
CVE-2025-5085 affects the WP Nano AD WordPress plugin (versions up to 1.31). It enables Stored Cross-Site Scripting via the blogrole_link parameter due to insufficient input sanitization/escaping. Impact: authenticated attackers with administrator rights can inject scripts that run for users on i...
CVE-2025-5085 wp-nano-ad <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting via blogrole_link Parameter
The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
EUVD-2026-32176
The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_title' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access...
CVE-2026-2288 myLinksDump <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'link_title' Parameter
The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_title' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access...
CVE-2026-3348 MinhNhut Link Gateway <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Plugin Settings
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2026-2280
CVE-2026-2280 affects the WordPress plugin rexCrawler, all versions up to and including 1.0.15. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in admin/settings that arises from insufficient input sanitization and output escaping. Exploitation requires authenticated access at admin...
CVE-2025-9989 Broadstreet <= 1.53.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...
EUVD-2026-29443
The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
EUVD-2026-22776
The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2026-24638
The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-3362
The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization (no sanitize callback on register_setting) and missing output escaping (no esc_attr ...
CVE-2026-1379
The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...
PT-2026-34273
Name of the Vulnerable Software and Affected Versions: Private WP suite versions prior to 0.4.2. Description: The Private WP suite plugin for WordPress contains a Stored Cross-Site Scripting issue within the 'Exceptions' setting. This occurs because of insufficient input sanitization and output...
PT-2026-34269
Name of the Vulnerable Software and Affected Versions: Real Estate Pro versions prior to 1.1.0. Description: The Real Estate Pro plugin for WordPress contains a Stored Cross-Site Scripting issue within the admin settings. This occurs because of insufficient input sanitization and output escaping,...
CVE-2026-2396
The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2396 List View Google Calendar <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description
The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-4479 WholeSale Products Dynamic Pricing Management WooCommerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-3574
The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields including 'Navigation Font Size', 'Navigation Font Weight', 'Heading Font Size', 'Heading Font Weight', 'Text Font Size', and 'Text Font Weight' in all versions...