3423 matches found

ATTACKERKB
added 2026/05/02 5:29 a.m. | 1 view

CVE-2026-6447

The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4 CVSS | 6 AI score | 0.00011 EPSS
Exploits: 0 | References: 7

EUVD
added 2026/05/02 5:29 a.m. | 2 views

EUVD-2026-26746

The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4 CVSS | 6 AI score | 0.00011 EPSS
Exploits: 0 | References: 6

NVD
added 2026/05/02 5:16 a.m. | 2 views

CVE-2026-7641

The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the save_extra_user_profile_fields function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site e.g...

8.8 CVSS | 0.0003 EPSS
Exploits: 0 | References: 14

CVE
added 2026/05/02 4:27 a.m. | 12 views

CVE-2026-7641

The WordPress plugin Import and export users and customers (versions ≤ 2.0.8) is vulnerable to Privilege Escalation. The root cause is an incomplete blocklist for multisite capability meta keys: primary-site keys (e.g., wp_capabilities, wp_user_level) are blocked, but multisite keys (e.g., wp_2_c...

8.8 CVSS | 5.7 AI score | 0.0003 EPSS
Exploits: 0 | References: 14

Vulnrichment
added 2026/05/02 4:27 a.m. | 2 views

CVE-2026-7641 Import and export users and customers <= 2.0.8 - Authenticated (Subscriber+) Privilege Escalation via Multisite Capability Meta Fields

The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the save_extra_user_profile_fields function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site e.g...

8.8 CVSS | 5.7 AI score | 0.0003 EPSS
Exploits: 0 | References: 14

EUVD
added 2026/05/02 4:27 a.m. | 3 views

EUVD-2026-26740

The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the save_extra_user_profile_fields function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site e.g...

8.8 CVSS | 5.7 AI score | 0.0003 EPSS
Exploits: 0 | References: 14

Cvelist
added 2026/05/02 4:27 a.m. | 24 views

CVE-2026-7641 Import and export users and customers <= 2.0.8 - Authenticated (Subscriber+) Privilege Escalation via Multisite Capability Meta Fields

The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the save_extra_user_profile_fields function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site e.g...

8.8 CVSS | 0.0003 EPSS
Exploits: 0 | References: 14

ATTACKERKB
added 2026/05/02 4:27 a.m. | 0 views

CVE-2026-7641

The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the save_extra_user_profile_fields function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site e.g...

8.8 CVSS | 5.7 AI score | 0.0003 EPSS
Exploits: 0 | References: 15

Positive Technologies
added 2026/05/02 12:00 a.m. | 1 view

PT-2026-36572

Name of the Vulnerable Software and Affected Versions: Import and export users and customers plugin for WordPress versions prior to 2.0.9. Description: An issue exists in the save extra user profile fields function where an incomplete blocklist fails to restrict capability meta keys for subsites in ...

8.8 CVSS | 5.8 AI score | 0.0003 EPSS
Exploits: 0 | References: 20

Positive Technologies
added 2026/05/02 12:00 a.m. | 1 view

PT-2026-36578

The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4 CVSS | 6 AI score | 0.00011 EPSS
Exploits: 0 | References: 7

RedhatCVE
added 2026/04/23 8:38 p.m. | 0 views

CVE-2026-2719

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/04/23 9:32 a.m. | 1 view

EUVD-2026-25197

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js function. This allows administrators on multisite installations who do not have the unfiltered_html capability to injec...

3.5 CVSS | 5.9 AI score | 0.0001 EPSS
Exploits: 0 | References: 2

NVD
added 2026/04/23 7:16 a.m. | 0 views

CVE-2026-4512

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js function. This allows administrators on multisite installations who do not have the unfiltered_html capability to injec...

3.5 CVSS | 0.0001 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/23 6:00 a.m. | 1 view

CVE-2026-4512 WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js function. This allows administrators on multisite installations who do not have the unfiltered_html capability to injec...

5.9 AI score | 0.0001 EPSS
Exploits: 0 | References: 1

CVE
added 2026/04/23 6:00 a.m. | 6 views

CVE-2026-4512

The CVE-2026-4512 entry concerns the WordPress plugin “reCaptcha by WebDesignBy” (before version 2.0). The root cause is the plugin’s Site Key setting not being sanitized/escaped before being output in a JavaScript string context via grecaptcha_js(), enabling stored XSS on multisite installations...

3.5 CVSS | 5.9 AI score | 0.0001 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/23 6:00 a.m. | 1 view

CVE-2026-4512

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js function. This allows administrators on multisite installations who do not have the unfiltered_html capability to injec...

5.9 AI score | 0.0001 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/04/23 6:00 a.m. | 22 views

CVE-2026-4512 WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js function. This allows administrators on multisite installations who do not have the unfiltered_html capability to injec...

0.0001 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/23 12:00 a.m. | 1 view

PT-2026-34643

Name of the Vulnerable Software and Affected Versions: reCaptcha by WebDesignBy WordPress plugin versions prior to 2.0. Description: The plugin fails to sanitize or escape the Site Key setting before it is output within a JavaScript string context through the grecaptcha js function. This allows...

3.5 CVSS | 6 AI score | 0.0001 EPSS
Exploits: 0 | References: 4

EUVD
added 2026/04/22 9:31 p.m. | 0 views

EUVD-2026-22776

The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4 CVSS | 5.9 AI score | 0.00012 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/04/22 9:31 a.m. | 2 views

EUVD-2026-24642

The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization (no sanitize callback on register_setting) and missing output escaping (no esc_attr ...

4.4 CVSS | 5.9 AI score | 0.00026 EPSS
Exploits: 0 | References: 10