CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1123436 matches found

CVE-2026-1451 rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'a' Parameter

The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS6AI score0.00082EPSS

Exploits0References3

Cvelist•added 5 days ago•38 views

CVE-2026-1451 rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'a' Parameter

6.1CVSS0.00082EPSS

Exploits0References3

Cvelist•added 5 days ago•37 views

CVE-2026-3620 Word Replacer <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Replacement' Parameter

The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00073EPSS

Exploits0References9

EUVD•added 5 days ago•7 views

EUVD-2026-33895

4.4CVSS6AI score0.00073EPSS

Exploits0References9

ATTACKERKB•added 5 days ago•6 views

CVE-2026-3620

4.4CVSS6AI score0.00073EPSS

Exploits0References10

Cvelist•added 5 days ago•33 views

CVE-2026-4080 Easy Cart <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

6.4CVSS0.00042EPSS

Exploits0References15

EUVD•added 5 days ago•11 views

EUVD-2026-33893

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS6AI score0.00029EPSS

Exploits0References3

Cvelist•added 5 days ago•36 views

CVE-2026-2425 hiWeb Migration Simple <= 2.0.0.1 - Reflected Cross-Site Scripting via 'new_domain' Parameter

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'newdomain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00082EPSS

Exploits0References3

EUVD•added 5 days ago•9 views

EUVD-2026-33892

6.4CVSS6AI score0.00042EPSS

Exploits0References15

ATTACKERKB•added 5 days ago•6 views

CVE-2026-2425

6.1CVSS6AI score0.00082EPSS

Exploits0References4

ATTACKERKB•added 5 days ago•6 views

CVE-2026-8885

6.4CVSS6AI score0.00029EPSS

Exploits0References4

EUVD•added 5 days ago•8 views

EUVD-2026-33891

6.1CVSS6AI score0.00082EPSS

Exploits0References3

Vulnrichment•added 5 days ago•8 views

CVE-2026-2425 hiWeb Migration Simple <= 2.0.0.1 - Reflected Cross-Site Scripting via 'new_domain' Parameter

6.1CVSS6AI score0.00082EPSS

Exploits0References3

CVE•added 5 days ago•8 views

CVE-2026-8885

The CVE-2026-8885 entry concerns the WordPress plugin DeMomentSomTres Shortcodes (versions

6.4CVSS6AI score0.00029EPSS

Exploits0References3

ATTACKERKB•added 5 days ago•7 views

CVE-2026-4080

6.4CVSS6AI score0.00042EPSS

Exploits0References16

EUVD•added 5 days ago•8 views

EUVD-2025-210029

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS6AI score0.00028EPSS

Exploits0References4

Vulnrichment•added 5 days ago•8 views

CVE-2025-5085 wp-nano-ad <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting via blogrole_link Parameter

5.5CVSS6AI score0.00028EPSS

Exploits0References4

ATTACKERKB•added 5 days ago•6 views

CVE-2025-5085

5.5CVSS6AI score0.00028EPSS

Exploits0References5

Cvelist•added 5 days ago•36 views

CVE-2025-5085 wp-nano-ad <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting via blogrole_link Parameter

5.5CVSS0.00028EPSS

Exploits0References4

CVE•added 5 days ago•11 views

CVE-2025-5085

CVE-2025-5085 affects the WP Nano AD WordPress plugin (versions up to 1.31). It enables Stored Cross-Site Scripting via the blogrole_link parameter due to insufficient input sanitization/escaping. Impact: authenticated attackers with administrator rights can inject scripts that run for users on i...

5.5CVSS6AI score0.00028EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by