CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3426 matches found

RedhatCVE•added 2026/01/15 7:23 a.m.•3 views

CVE-2026-0734

The WP Allowed Hosts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allowed-hosts' parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5AI score0.00048EPSS

Exploits0References1

RedhatCVE•added 2026/01/15 6:22 a.m.•2 views

CVE-2025-14725

The Internal Link Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5AI score0.0004EPSS

Exploits0References1

RedhatCVE•added 2026/01/15 6:21 a.m.•3 views

CVE-2025-14379

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS5.2AI score0.00011EPSS

Exploits0References1

RedhatCVE•added 2026/01/15 6:21 a.m.•1 views

CVE-2026-0680

The Real Post Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5AI score0.00048EPSS

Exploits0References1

RedhatCVE•added 2026/01/15 6:21 a.m.•1 views

CVE-2025-15021

The Gotham Block Extra Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5AI score0.00039EPSS

Exploits0References1

NVD•added 2026/01/14 7:16 a.m.•2 views

CVE-2026-0734

4.4CVSS0.00048EPSS

Exploits0References3

EUVD•added 2026/01/14 6:40 a.m.•3 views

EUVD-2026-2524

4.4CVSS4.6AI score0.00048EPSS

Exploits0References4

CVE•added 2026/01/14 6:40 a.m.•6 views

CVE-2026-0734

The CVE-2026-0734 entry concerns WordPress WP Allowed Hosts (

4.4CVSS4.7AI score0.00048EPSS

Exploits0References3

Cvelist•added 2026/01/14 6:40 a.m.•23 views

CVE-2026-0734 WP Allowed Hosts <= 1.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'allowed-hosts' Parameter

4.4CVSS0.00048EPSS

Exploits0References3

Vulnrichment•added 2026/01/14 6:40 a.m.•2 views

CVE-2026-0734 WP Allowed Hosts <= 1.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'allowed-hosts' Parameter

4.4CVSS4.7AI score0.00048EPSS

Exploits0References3

NVD•added 2026/01/14 6:15 a.m.•1 views

CVE-2025-15486

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...

4.4CVSS0.00048EPSS

Exploits0References3

NVD•added 2026/01/14 6:15 a.m.•2 views

CVE-2025-14725

4.4CVSS0.0004EPSS

Exploits0References2

NVD•added 2026/01/14 6:15 a.m.•2 views

CVE-2025-15021

4.4CVSS0.00039EPSS

Exploits0References3

NVD•added 2026/01/14 6:15 a.m.•2 views

CVE-2025-14379