CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/02/27 10:16 a.m.•8 views

CVE-2025-14142

6.4CVSS0.0024EPSS

ATTACKERKB•added 2026/02/27 9:23 a.m.•5 views

CVE-2025-14142

6.4CVSS6AI score0.0024EPSS

Vulnrichment•added 2026/02/27 9:23 a.m.•7 views

CVE-2025-14142 Electric Enquiries <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button' Shortcode Attribute

6.4CVSS6AI score0.0024EPSS

Cvelist•added 2026/02/27 9:23 a.m.•25 views

CVE-2025-14142 Electric Enquiries <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button' Shortcode Attribute

6.4CVSS0.0024EPSS

Patchstack•added 2026/02/26 11:54 p.m.•9 views

WordPress Electric Enquiries plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'button' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Electric Enquiries versions = 1.1...

6.4CVSS5.3AI score0.0024EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/02/26 10:14 a.m.•7 views

CVE-2026-2367

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aysblock' shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

EUVD•added 2026/02/26 3:31 a.m.•7 views

Exploits0References1

EUVD-2026-8806

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbpricingitem shortcode's title and value attributes in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. Specifically, the plugin...

6.4CVSS5.8AI score0.00191EPSS

NVD•added 2026/02/26 2:16 a.m.•6 views

CVE-2026-2029

6.4CVSS0.00191EPSS

CVE•added 2026/02/26 1:24 a.m.•12 views

CVE-2026-2029

The CVE-2026-2029 entry describes a Stored XSS in the Livemesh Addons for Beaver Builder WordPress plugin, affecting all versions up to 3.9.2. The root cause is improper input sanitization: the shortcode attribute values in [labb_pricing_item] (title and value) are sanitized with wp_kses_post(), ...

6.4CVSS5.8AI score0.00191EPSS

Cvelist•added 2026/02/26 1:24 a.m.•22 views

CVE-2026-2029 Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' and 'value' Shortcode Attributes

6.4CVSS0.00191EPSS

ATTACKERKB•added 2026/02/26 1:24 a.m.•4 views

CVE-2026-2029

6.4CVSS5.8AI score0.00191EPSS

EUVD•added 2026/02/25 12:30 p.m.•5 views

EUVD-2026-8519

NVD•added 2026/02/25 10:16 a.m.•6 views

Exploits0References5

CVE-2026-2367

6.4CVSS0.00193EPSS

Cvelist•added 2026/02/25 9:26 a.m.•29 views

CVE-2026-2367 Secure Copy Content Protection and Content Locking <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute

6.4CVSS0.00193EPSS

Vulnrichment•added 2026/02/25 9:26 a.m.•3 views

CVE-2026-2367 Secure Copy Content Protection and Content Locking <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute

CVE•added 2026/02/25 9:26 a.m.•19 views

CVE-2026-2367

CVE-2026-2367 is a stored cross-site scripting (XSS) vulnerability in the WordPress plugin Secure Copy Content Protection and Content Locking (auth level: Contributor+). The issue arises from insufficient input sanitization and output escaping for attributes passed to the plugin’s shortcodes (not...

Positive Technologies•added 2026/02/25 12:0 a.m.•8 views

PT-2026-21894

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ays block' shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...