Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3423 matches found

EUVD
EUVDadded 2026/04/22 9:31 a.m.0 views

EUVD-2026-24638

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00011EPSS
Exploits0References4
EUVD
EUVDadded 2026/04/22 9:31 a.m.1 views

EUVD-2026-24634

The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS5.8AI score0.00009EPSS
Exploits0References4
EUVD
EUVDadded 2026/04/22 9:31 a.m.1 views

EUVD-2026-24635

The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

5.5CVSS5.8AI score0.0001EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/22 9:31 a.m.0 views

EUVD-2026-24636

The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00011EPSS
Exploits0References4
NVD
NVDadded 2026/04/22 9:16 a.m.0 views

CVE-2026-3362

The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization no sanitize callback on registersetting and missing output escaping no escattr ...

4.4CVSS0.00026EPSS
Exploits0References9
NVD
NVDadded 2026/04/22 9:16 a.m.0 views

CVE-2026-2714

The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00011EPSS
Exploits0References3
NVD
NVDadded 2026/04/22 9:16 a.m.1 views

CVE-2026-1379

The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS0.00009EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/22 7:45 a.m.0 views

CVE-2026-2719 Private WP suite <= 0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Exceptions' Setting

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00011EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/04/22 7:45 a.m.25 views

CVE-2026-2719 Private WP suite <= 0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Exceptions' Setting

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00011EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/22 7:45 a.m.0 views

CVE-2026-2719

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00011EPSS
Exploits0References4
CVE
CVEadded 2026/04/22 7:45 a.m.3 views

CVE-2026-2719

Vulnerability summary: The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to 0.4.1 due to insufficient input sanitization and output escaping. Attack requirements: Authenticated attackers with Administrator-level ...

4.4CVSS5.8AI score0.00011EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/22 7:45 a.m.2 views

CVE-2026-3362

The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization no sanitize callback on registersetting and missing output escaping no escattr ...

4.4CVSS5.9AI score0.00026EPSS
Exploits0References10
Vulnrichment
Vulnrichmentadded 2026/04/22 7:45 a.m.0 views

CVE-2026-3362 Short Comment Filter <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Minimum Count' Setting

The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization no sanitize callback on registersetting and missing output escaping no escattr ...

4.4CVSS5.9AI score0.00026EPSS
Exploits0References9
CVE
CVEadded 2026/04/22 7:45 a.m.2 views

CVE-2026-3362

The CVE-2026-3362 entry affects the WordPress Short Comment Filter plugin (versions up to 2.2). The vulnerability is a Stored Cross-Site Scripting (Stored XSS) via the Minimum Count settings field. Root cause: insufficient input sanitization (no sanitize callback on register_setting) and missing ...

4.4CVSS5.9AI score0.00026EPSS
Exploits0References9
Cvelist
Cvelistadded 2026/04/22 7:45 a.m.21 views

CVE-2026-2714 Institute Management <= 5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Enquiry Form Title' Setting

The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00011EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/22 7:45 a.m.0 views

CVE-2026-2714 Institute Management <= 5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Enquiry Form Title' Setting

The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00011EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/22 7:45 a.m.1 views

CVE-2026-2714

The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00011EPSS
Exploits0References4
CVE
CVEadded 2026/04/22 7:45 a.m.2 views

CVE-2026-2714

CVE-2026-2714 affects the Institute Management plugin for WordPress (up to version 5.5). The vulnerability is a stored cross-site scripting issue in the Enquiry Form Title setting caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at Administ...

4.4CVSS5.8AI score0.00011EPSS
Exploits0References3
CVE
CVEadded 2026/04/22 7:45 a.m.6 views

CVE-2026-1845

CVE-2026-1845 concerns the WordPress plugin Real Estate Pro (

5.5CVSS5.8AI score0.0001EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/04/22 7:45 a.m.27 views

CVE-2026-1845 Real Estate Pro <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings

The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

5.5CVSS0.0001EPSS
Exploits0References2
Rows per page
Query Builder