CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

RedhatCVE•added 2026/01/09 11:10 a.m.•5 views

CVE-2016-10996

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...

5.3CVSS7.1AI score0.00157EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2016-1987

Malware in sbrugna...

5.3CVSS5.6AI score0.00157EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-32610

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00176EPSS

Exploits0References3

Patchstack•added 2024/05/27 1:47 a.m.•4 views

WordPress OptinMonster plugin <= 2.16.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin OptinMonster versions = 2.16.1...

6.4CVSS5.7AI score0.00176EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2021/11/01 9:1 p.m.•5 views

CVE-2021-39341 OptinMonster <= 2.6.4 Unprotected REST-API Endpoints

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with...

8.2CVSS7.7AI score0.44317EPSS

Exploits1References3

Positive Technologies•added 2021/10/29 12:0 a.m.•2 views

PT-2021-22548 · WordPress · Optinmonster

Name of the Vulnerable Software and Affected Versions: OptinMonster WordPress plugin versions up to, and including, 2.6.4 Description: The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation...

8.2CVSS8AI score0.44317EPSS

Exploits1References11

VulnCheck KEV•added 2021/10/27 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-39341

8.2CVSS7.2AI score0.44317EPSS

Exploits1References1

OSV•added 2021/09/20 8:15 p.m.•2 views

CVE-2021-39325

The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the loadpreviews function found in the /OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0...

6.1CVSS6.4AI score0.00186EPSS

Exploits0References2

Vulnrichment•added 2021/09/20 7:59 p.m.•5 views

CVE-2021-39325 OptinMonster <= 2.6.0 Reflected Cross-Site Scripting

6.1CVSS6.1AI score0.00186EPSS

Exploits0References2

CNNVD•added 2021/09/20 12:0 a.m.•2 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the...

6.1CVSS5.9AI score0.00186EPSS

Exploits0References4

OSV•added 2019/09/20 3:15 p.m.•2 views

CVE-2016-10996

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...

5.3CVSS5.8AI score

Exploits0References2