
6236 matches found

EUVD
added 2026/02/03 6:07 p.m., 2 views

EUVD-2026-5177

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Ta...

CVSS: 6.1 | AI score: 5.4 | EPSS: 0.00025
Exploits: 1 | References: 4

Cvelist
added 2026/02/03 7:59 a.m., 26 views

CVE-2026-1592 Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...

CVSS: 6.3 | EPSS: 0.00066
Exploits: 0 | References: 1

NVD
added 2026/02/03 7:16 a.m., 1 view

CVE-2026-1210

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_elementor_data' meta field in all versions up to, and including, 3.20.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 6.4 | EPSS: 0.00026
Exploits: 0 | References: 8

Cvelist
added 2026/02/03 6:38 a.m., 22 views

CVE-2026-1210 Happy Addons for Elementor <= 3.20.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_elementor_data' Meta Field

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_elementor_data' meta field in all versions up to, and including, 3.20.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 6.4 | EPSS: 0.00026
Exploits: 0 | References: 8

Patchstack
added 2026/02/02 7:57 p.m., 1 view

WordPress Brizy - Page Builder plugin <= 2.4.41 - Authenticated(Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Brizy - Page Builder plugin <= 2.4.41 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Brizy versions <= 2.4.41...

CVSS: 7.1 | AI score: 5.2 | EPSS: 0.00106
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/02/02 12:39 p.m., 4 views

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin The Plus Addons for Elementor Page Builder Lite...

CVSS: 6.4 | AI score: 5.4 | EPSS: 0.03483
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/02/02 9:10 a.m., 5 views

WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect vulnerability discovered by Webbernaut in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.2.37...

CVSS: 6.4 | AI score: 5.2 | EPSS: 0.00311
Exploits: 0 | References: 1 | Affected Software: 1

Packet Storm
added 2026/02/02 12:00 a.m., 103 views

Clicky by Yoast 1.4.3 Cross Site Scripting

Multiple persistent cross site scripting vulnerabilities exist in Clicky by Yoast WordPress Plugin version 1.4.3. This issue is older research added to the archive. Clicky by Yoast 1.4.3 - Multiple Stored Cross-site Scripting Advisory ID: RO-16-006 Severity: Medium Vendor: Yoast Product: Clicky b...

AI score: 5
Exploits: 0

ATTACKERKB
added 2026/01/28 8:02 p.m., 4 views

CVE-2025-13984

Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS). This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1...

AI score: 5.9 | EPSS: 0.00051
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/01/26 12:00 a.m., 6 views

PT-2026-4778

Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.00017
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/24 9:15 a.m., 13 views

CVE-2025-14745

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00016
Exploits: 0 | References: 1

CVE
added 2026/01/24 7:26 a.m., 11 views

CVE-2026-1097

CVE-2026-1097 refers to ThemeRuby Multi Authors – Assign Multiple Writers to Posts (WordPress). The vulnerability is a Stored XSS via the shortcodes’ before and after attributes, affecting all versions up to and including 1.0.0. Exploitation requires authenticated access at Contributor level or h...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00016
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/23 12:00 a.m., 2 views

PT-2026-4394

Name of the Vulnerable Software and Affected Versions: Kaira Blockons versions through 1.2.15. Description: The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be stored on...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00064
Exploits: 0 | References: 3

CVE
added 2026/01/22 4:52 p.m., 5 views

CVE-2025-68866

CVE-2025-68866 affects the WordPress plugin Dinatur (versions up to and including 1.18). The issue is a stored XSS caused by improper neutralization of input during web page generation, exposing site visitors to injected scripts. The vulnerability is rated with a CVSSv3.1 base score of 7.1 (High...

CVSS: 7.1 | AI score: 5.4 | EPSS: 0.00019
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/22 4:51 p.m., 2 views

CVE-2025-67964 WordPress Homey Core plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Homey Core homey-core allows Reflected XSS. This issue affects Homey Core: from n/a through <= 2.4.3...

AI score: 5.9 | EPSS: 0.00019
Exploits: 0 | References: 1

Cvelist
added 2026/01/22 4:51 p.m., 18 views

CVE-2025-50006 WordPress xSmart theme <= 1.2.9.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes xSmart xsmart allows Reflected XSS. This issue affects xSmart: from n/a through <= 1.2.9.4...

CVSS: 7.1 | EPSS: 0.00064
Exploits: 0 | References: 1

Patchstack
added 2026/01/22 11:04 a.m., 3 views

WordPress Grand Magazine theme <= 3.5.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand Magazine versions <= 3.5.7...

CVSS: 7.1 | AI score: 5.3 | EPSS: 0.00064
Exploits: 0 | Affected Software: 1

ATTACKERKB
added 2026/01/22 1:17 a.m., 1 view

CVE-2025-27379

A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content...

CVSS: 6.8 | AI score: 5.2 | EPSS: 0.00017
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/01/21 3:27 p.m., 2 views

CVE-2026-0690

The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rankmathdescription' custom field in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00052
Exploits: 0 | References: 1

NVD
added 2026/01/20 3:20 p.m., 1 view

CVE-2026-0608

The Head Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head-meta-data' post meta field in all versions up to, and including, 20251118 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 6.4 | EPSS: 0.00052
Exploits: 0 | References: 2