CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/31 11:26 p.m.•2 views

GHSA-PQHR-MP3F-HRPP Nuxt OG Image vulnerable to Server-Side Request Forgery via user-controlled parameters

Product: Nuxt OG Image Version: injection via html parameter GET /og/d/og.png?html= When verbose errors are enabled, the response content is leaked in base64-encoded error messages. Vector 3: SVG injection via html parameter GET /og/d/og.png?html= Mitigation Fixed in v6.2.5. The image source plug...

5.3CVSS5.9AI score

RedhatCVE•added 2026/02/07 7:22 a.m.•4 views

CVE-2026-1808

The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplusbutton shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping. This makes it...

ATTACKERKB•added 2026/02/06 6:46 a.m.•3 views

Exploits0References1

CVE-2026-1808

EUVD•added 2026/02/06 6:46 a.m.•4 views

Exploits0References5

EUVD-2026-5613

Vulnrichment•added 2026/02/06 6:46 a.m.•5 views

CVE-2026-1808 Orange Confort+ accessibility toolbar for WordPress <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

CNNVD•added 2026/02/06 12:0 a.m.•5 views

WordPress plugin Orange Confort+ 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00235EPSS

RedhatCVE•added 2026/01/09 9:26 a.m.•3 views

CVE-2023-4482

The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject...

6.4CVSS5AI score0.00323EPSS

Exploits0References1

Patchstack•added 2025/12/31 12:0 a.m.•4 views

WordPress 3D FlipBook - Lite Edition plugin <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters vulnerability

WordPress 3D FlipBook - Lite Edition plugin = 1.16.15 - Authenticated Contributor+ Stored Cross-Site Scripting via style and mode Parameters vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery versions = 1.16.15...

6.4CVSS5.9AI score0.00205EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/12/12 12:0 a.m.•4 views

PT-2025-50827

The Hide Email Address plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inline css' parameter in the bg-hide-email-address shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

6.4CVSS5.1AI score0.00228EPSS

Cvelist•added 2025/10/20 7:27 p.m.•7 views

CVE-2025-62697 Improperly sanitized style parameter in LanguageSelector

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injection.This issue affects Mediawiki - LanguageSelector Extension: from master before 1.39...

8.8CVSS0.00317EPSS

CVE•added 2025/10/20 7:27 p.m.•15 views

CVE-2025-62697

Summary (CVE-2025-62697) : A code injection vulnerability exists in the Wikimedia Foundation’s MediaWiki LanguageSelector Extension due to improper neutralization of special elements in output used by downstream components. Affected: LanguageSelector Extension for MediaWiki, specifically versions...

8.8CVSS6.7AI score0.00317EPSS