CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

39 matches found

NVD•added 2026/06/18 8:16 a.m.•11 views

CVE-2026-12136

The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasicsuseravatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escaping on user supplied attributes minheight,...

6.4CVSS0.00193EPSS

Exploits0References5

NVD•added 2026/06/18 8:16 a.m.•8 views

CVE-2026-12137

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS0.00211EPSS

Exploits0References4

EUVD•added 2026/06/18 6:50 a.m.•8 views

EUVD-2026-37861

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS5.5AI score0.00211EPSS

Exploits0References4

CVE•added 2026/06/18 6:50 a.m.•23 views

CVE-2026-12137

The CVE concerns the WordPress plugin SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager. It is vulnerable to a Reflected Cross-Site Scripting (XSS) via the tab parameter in all versions up to and including 4.3.6, caused by insufficient input sanitization...

6.1CVSS5.5AI score0.00211EPSS

Exploits0References4

EUVD•added 2026/06/18 6:50 a.m.•9 views

EUVD-2026-37859

The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasicsuseravatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escaping on user supplied attributes minheight,...

6.4CVSS5.5AI score0.00193EPSS

Exploits0References5

Cvelist•added 2026/06/18 6:50 a.m.•21 views

CVE-2026-12136 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasicsuseravatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escaping on user supplied attributes minheight,...

6.4CVSS0.00193EPSS

Exploits0References5

CVE•added 2026/06/18 6:50 a.m.•26 views

CVE-2026-12136

CVE-2026-12136 affects the WordPress plugin “Customize My Account for WooCommerce” up to version 4.3.6. The root cause is insufficient input sanitization and output escaping on shortcode attributes (min_height, min_width, max_height, max_width) used by sysbasics_user_avatar, which are concatenate...

6.4CVSS5.6AI score0.00193EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-23227

Malicious code in bioql PyPI...

10CVSS8.8AI score0.0063EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-56090

Malicious code in bioql PyPI...

8.8CVSS9.1AI score0.00263EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-42894

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00237EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-33322

Malicious code in bioql PyPI...

6.1CVSS8.7AI score0.00368EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-3796

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00236EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 9:10 a.m.•9 views

CVE-2024-48022

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SysBasics Shortcode For Elementor Templates allows Stored XSS.This issue affects Shortcode For Elementor Templates: from n/a through 1.0.0...

6.5CVSS5.2AI score0.00237EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 6:26 a.m.•7 views

CVE-2024-10837

The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS6.4AI score0.00368EPSS

Exploits0References1

RedhatCVE•added 2025/02/16 1:20 p.m.•7 views

CVE-2025-24592

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SysBasics Customize My Account for WooCommerce customize-my-account-for-woocommerce allows Reflected XSS.This issue affects Customize My Account for WooCommerce: from n/a through = 2.8.22...

7.1CVSS5.9AI score0.00236EPSS

Exploits0References1

NVD•added 2025/02/14 1:15 p.m.•8 views

CVE-2025-24592

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SysBasics Customize My Account for WooCommerce customize-my-account-for-woocommerce allows Reflected XSS.This issue affects Customize My Account for WooCommerce: from n/a through = 2.8.22...

7.1CVSS0.00236EPSS

Exploits0References1

Vulnrichment•added 2025/02/14 12:44 p.m.•12 views

CVE-2025-24592 WordPress SysBasics Customize My Account for WooCommerce plugin <= 2.8.22 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SysBasics Customize My Account for WooCommerce customize-my-account-for-woocommerce allows Reflected XSS.This issue affects Customize My Account for WooCommerce: from n/a through = 2.8.22...

7.1CVSS5.9AI score0.00236EPSS

Exploits0References1

Cvelist•added 2025/02/14 12:44 p.m.•16 views

CVE-2025-24592 WordPress SysBasics Customize My Account for WooCommerce plugin <= 2.8.22 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SysBasics Customize My Account for WooCommerce customize-my-account-for-woocommerce allows Reflected XSS.This issue affects Customize My Account for WooCommerce: from n/a through = 2.8.22...

7.1CVSS0.00236EPSS

Exploits0References1

CVE•added 2025/02/14 12:44 p.m.•61 views

CVE-2025-24592

The CVE-2025-24592 entry concerns a WordPress plugin vulnerability: SysBasics Customize My Account for WooCommerce (affected versions up to 2.8.22). The issue is an improper neutralization of input during web page generation, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. Impa...

7.1CVSS5.9AI score0.00236EPSS

Exploits0References1

NVD•added 2024/11/09 1:15 p.m.•24 views

CVE-2024-10837

The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS0.00368EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by