CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

643 matches found

CVE•added 2026/01/09 8:20 a.m.•17 views

CVE-2026-0627

CVE-2026-0627 affects the AMP for WP plugin for WordPress (vulnerable up to 1.1.10). It is a stored XSS via malicious SVG uploads; requires Author-level authentication and executes when a user views the uploaded file. The issue arises from insufficient sanitization that only removes script tags, ...

6.4CVSS4.4AI score0.00188EPSS

Exploits0References4

Vulnrichment•added 2026/01/08 5:11 p.m.•7 views

CVE-2026-22233 OPEXUS eCASE Audit Project Cost stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

5.5CVSS6.3AI score0.00207EPSS

Exploits0References3

NVD•added 2026/01/07 12:16 p.m.•2 views

CVE-2025-13848

The STM Gallery 1.9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'composicion' parameter in all versions up to, and including, 0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS0.00287EPSS

Exploits0References3

Cvelist•added 2026/01/07 9:21 a.m.•23 views

CVE-2025-15058 Responsive Pricing Table <= 5.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'table_currency'

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tablecurrency' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00234EPSS

Exploits0References3

CVE•added 2026/01/07 9:20 a.m.•12 views

CVE-2025-14453

CVE-2025-14453 affects the My Album Gallery WordPress plugin. A stored XSS exists via the style_css shortcode attribute in all versions up to 1.0.4 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (Contributor level or higher) and affects page...

6.4CVSS4.7AI score0.00187EPSS

Exploits0References3

Vulnrichment•added 2026/01/07 9:20 a.m.•1 views

CVE-2025-13849 Cool YT Player <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Cool YT Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videoid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS4.8AI score0.00228EPSS

Exploits0References3

CVE•added 2026/01/07 9:20 a.m.•14 views

CVE-2025-14028

CVE-2025-14028 affects Contact Us Simple Form (WordPress) plugins

4.4CVSS4.7AI score0.003EPSS

Exploits0References5

Patchstack•added 2026/01/07 8:0 a.m.•5 views

WordPress SVG Map Plugin plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin SVG Map Plugin versions = 1.0.0...

6.1CVSS5.8AI score0.00115EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/01/07 3:21 a.m.•26 views

CVE-2025-14891 Customer Reviews for WooCommerce <= 5.93.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayName' parameter in all versions up to, and including, 5.93.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00242EPSS

Exploits0References4

RedhatCVE•added 2026/01/01 5:32 a.m.•4 views

CVE-2025-49346

Cross-Site Request Forgery CSRF vulnerability in peterwsterling Simple Archive Generator simple-archive-generator allows Stored XSS.This issue affects Simple Archive Generator: from n/a through = 5.2...

7.1CVSS5.9AI score0.00094EPSS

Exploits0References1

Vulnrichment•added 2025/12/31 1:4 p.m.•3 views

CVE-2025-49357 WordPress Audiomack plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Audiomack allows Stored XSS.This issue affects Audiomack: from n/a through 1.4.8...

6.5CVSS5.6AI score0.00127EPSS

Exploits0References1

EUVD•added 2025/12/31 1:3 p.m.•4 views

EUVD-2025-205969

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Curator.Io allows Stored XSS.This issue affects Curator.Io: from n/a through 1.9.5...

6.5CVSS5.5AI score0.00127EPSS

Exploits0References2

Cvelist•added 2025/12/31 5:34 a.m.•28 views

CVE-2025-68885 WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in page-carbajal Custom Post Status custom-post-status allows Stored XSS.This issue affects Custom Post Status: from n/a through = 1.1.0...

7.1CVSS0.00096EPSS

Exploits0References1

Vulnrichment•added 2025/12/31 5:34 a.m.•2 views

CVE-2025-68885 WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in page-carbajal Custom Post Status custom-post-status allows Stored XSS.This issue affects Custom Post Status: from n/a through = 1.1.0...

7.1CVSS5.7AI score0.00096EPSS

Exploits0References1

NVD•added 2025/12/31 5:16 a.m.•3 views

CVE-2025-49346

7.1CVSS0.00094EPSS

Exploits0References1

Patchstack•added 2025/12/31 12:0 a.m.•5 views

WordPress Ultimate Blocks plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via content Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Ultimate Blocks versions = 3.2.7...

6.4CVSS5.9AI score0.00262EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/12/31 12:0 a.m.•8 views

WordPress FunnelKit plugin <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wfopphone Shortcode vulnerability discovered by zaim in WordPress Plugin Funnel Builder by FunnelKit versions = 3.13.1.2...

6.4CVSS5.9AI score0.00209EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/12/30 1:2 a.m.•14 views

CVE-2025-65442

DOM-based Cross-Site Scripting XSS vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information e.g., user session cookies via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

6.1CVSS6AI score0.00291EPSS

Exploits1References1

NVD•added 2025/12/24 8:15 p.m.•5 views

CVE-2019-25244

Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through...

5.3CVSS0.00216EPSS

Exploits2References4

Vulnrichment•added 2025/12/23 7:34 p.m.•3 views

CVE-2021-47732 CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

6.1CVSS5.8AI score0.00235EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by