CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3423 matches found

EUVD•added 2026/05/27 9:27 a.m.•4 views

EUVD-2026-32176

The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linktitle' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access...

4.8CVSS6AI score0.00032EPSS

Exploits0References5

CVE•added 2026/05/27 9:27 a.m.•9 views

CVE-2026-3348

Summary: CVE-2026-3348 affects the MinhNhut Link Gateway WordPress plugin up to version 3.6.1. The issue is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping in plugin settings (Description, Title, and other fields). Exploitation requires authenticat...

4.4CVSS6AI score0.00035EPSS

Exploits0References3

Vulnrichment•added 2026/05/27 9:27 a.m.•5 views

CVE-2026-2288 myLinksDump <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'link_title' Parameter

4.8CVSS6AI score0.00032EPSS

Exploits0References5

Cvelist•added 2026/05/27 9:27 a.m.•22 views

CVE-2026-3348 MinhNhut Link Gateway <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Plugin Settings

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS0.00035EPSS

Exploits0References3

Vulnrichment•added 2026/05/27 9:27 a.m.•6 views

CVE-2026-3348 MinhNhut Link Gateway <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Plugin Settings

4.4CVSS6AI score0.00035EPSS

Exploits0References3

CVE•added 2026/05/27 9:27 a.m.•9 views

CVE-2026-2288

CVE-2026-2288 affects the WordPress plugin myLinksDump (versions up to 1.6). The vulnerability is a Stored Cross-Site Scripting flaw triggered by the attack vector through the public-facing parameter 'link_title', caused by insufficient input sanitization and output escaping. Authentication requi...

4.8CVSS6AI score0.00032EPSS

Exploits0References5

EUVD•added 2026/05/27 9:27 a.m.•6 views

EUVD-2026-32174

4.4CVSS6AI score0.00035EPSS

Exploits0References3

ATTACKERKB•added 2026/05/27 9:27 a.m.•3 views

CVE-2026-2280

The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS6AI score0.00025EPSS

Exploits0References6

Cvelist•added 2026/05/27 9:27 a.m.•22 views

CVE-2026-2280 rexCrawler <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

4.8CVSS0.00025EPSS

Exploits0References5

Vulnrichment•added 2026/05/27 9:27 a.m.•7 views

CVE-2026-2280 rexCrawler <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

4.8CVSS6AI score0.00025EPSS

Exploits0References5

EUVD•added 2026/05/27 9:27 a.m.•5 views

EUVD-2026-32173

4.8CVSS6AI score0.00025EPSS

Exploits0References5

CVE•added 2026/05/27 9:27 a.m.•7 views

CVE-2026-2280

CVE-2026-2280 affects the WordPress plugin rexCrawler, all versions up to and including 1.0.15. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in admin/settings that arises from insufficient input sanitization and output escaping. Exploitation requires authenticated access at admin...

4.8CVSS6AI score0.00025EPSS

Exploits0References5

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-43633

4.8CVSS6AI score0.00025EPSS

Exploits0References6

Positive Technologies•added 2026/05/27 12:0 a.m.•4 views

PT-2026-43634

The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link title' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acces...

4.8CVSS6AI score0.00032EPSS

Exploits0References6

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-43635

4.4CVSS6AI score0.00035EPSS

Exploits0References4

NVD•added 2026/05/14 1:16 p.m.•7 views

CVE-2026-4029

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

7.5CVSS0.00077EPSS

Exploits0References5

NVD•added 2026/05/14 1:16 p.m.•7 views

CVE-2026-4030

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...

8.1CVSS0.0019EPSS

Exploits0References6

Cvelist•added 2026/05/14 12:32 p.m.•31 views

CVE-2026-4029 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Export

7.5CVSS0.00077EPSS

Exploits0References5

Vulnrichment•added 2026/05/14 12:32 p.m.•4 views

CVE-2026-4030 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion

8.1CVSS5.9AI score0.0019EPSS

Exploits0References6

CVE•added 2026/05/14 12:32 p.m.•5 views

CVE-2026-4030

The vulnerability CVE-2026-4030 affects the Database Backup for WordPress plugin for WordPress (all versions up to 2.5.2). The root cause is the plugin not properly enforcing the return value of its authorization check when combined with a user-controlled backup directory parameter, enabling unau...

8.1CVSS5.9AI score0.0019EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by