CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3426 matches found

Cvelist•added 2026/03/07 7:22 a.m.•26 views

CVE-2026-1071 Carta Online <= 2.13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS0.00032EPSS

Exploits0References3

Vulnrichment•added 2026/03/07 7:22 a.m.•0 views

CVE-2026-1071 Carta Online <= 2.13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

4.4CVSS5.9AI score0.00032EPSS

Exploits0References3

CVE•added 2026/03/07 7:22 a.m.•5 views

CVE-2026-1071

CVE-2026-1071 concerns the Carta Online WordPress plugin. The Wordfence article and CVE entry agree on a vulnerability class of Stored Cross-Site Scripting via plugin settings in versions up to 2.13.0, caused by insufficient input sanitization and output escaping. The impact is that an attacker w...

4.4CVSS5.9AI score0.00032EPSS

Exploits0References3

EUVD•added 2026/03/07 3:30 a.m.•2 views

EUVD-2026-10103

The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.8CVSS5.9AI score0.00033EPSS

Exploits0References9

EUVD•added 2026/03/07 3:30 a.m.•3 views

EUVD-2026-10104

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS5.9AI score0.00029EPSS

Exploits0References5

NVD•added 2026/03/07 2:16 a.m.•1 views

CVE-2026-2722

4.8CVSS0.00029EPSS

Exploits0References4

OSV•added 2026/03/07 2:16 a.m.•0 views

CVE-2026-2721

4.8CVSS5.9AI score

Exploits0References8

NVD•added 2026/03/07 2:16 a.m.•2 views

CVE-2026-2721

4.8CVSS0.00033EPSS

Exploits0References8

Vulnrichment•added 2026/03/07 1:21 a.m.•1 views

CVE-2026-2722 Stock Ticker <= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template

4.8CVSS5.9AI score0.00029EPSS

Exploits0References4

ATTACKERKB•added 2026/03/07 1:21 a.m.•0 views

CVE-2026-2722

4.8CVSS5.9AI score0.00029EPSS

Exploits0References5

Cvelist•added 2026/03/07 1:21 a.m.•30 views

CVE-2026-2722 Stock Ticker <= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template

4.8CVSS0.00029EPSS

Exploits0References4

CVE•added 2026/03/07 1:21 a.m.•5 views

CVE-2026-2722

The CVE-2026-2722 entry refers to the WordPress Stock Ticker plugin (versions up to and including 3.26.1) being vulnerable to Stored Cross-Site Scripting via admin settings/Templates, exploitable by authenticated administrators (and higher) on multi-site setups where unfiltered_html is disabled. ...

4.8CVSS5.9AI score0.00029EPSS

Exploits0References4

Cvelist•added 2026/03/07 1:21 a.m.•23 views

CVE-2026-2721 MailArchiver <= 4.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

4.8CVSS0.00033EPSS

Exploits0References8

Vulnrichment•added 2026/03/07 1:21 a.m.•0 views

CVE-2026-2721 MailArchiver <= 4.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

4.8CVSS5.9AI score0.00033EPSS

Exploits0References8

ATTACKERKB•added 2026/03/07 1:21 a.m.•1 views

CVE-2026-2721

4.8CVSS5.9AI score0.00033EPSS

Exploits0References9

Positive Technologies•added 2026/03/07 12:0 a.m.•4 views

PT-2026-23819

4.8CVSS5.9AI score0.00029EPSS

Exploits0References5

Positive Technologies•added 2026/03/07 12:0 a.m.•2 views

PT-2026-23833

4.4CVSS5.9AI score0.00032EPSS

Exploits0References4

Positive Technologies•added 2026/03/07 12:0 a.m.•4 views

PT-2026-23818

4.8CVSS5.9AI score0.00033EPSS

Exploits0References9

RedhatCVE•added 2026/03/05 1:57 a.m.•2 views

CVE-2026-2289

The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS5.9AI score0.00011EPSS

Exploits0References1

RedhatCVE•added 2026/03/05 1:57 a.m.•1 views

CVE-2026-2292

The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5.9AI score0.0001EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by