CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/18 8:16 a.m.•8 views

CVE-2026-12137

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS0.00211EPSS

EUVD•added 2026/06/18 6:50 a.m.•8 views

EUVD-2026-37861

6.1CVSS5.5AI score0.00211EPSS

Cvelist•added 2026/06/18 6:50 a.m.•23 views

CVE-2026-12137 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter

6.1CVSS0.00211EPSS

CVE•added 2026/06/18 6:50 a.m.•23 views

CVE-2026-12137

The CVE concerns the WordPress plugin SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager. It is vulnerable to a Reflected Cross-Site Scripting (XSS) via the tab parameter in all versions up to and including 4.3.6, caused by insufficient input sanitization...

6.1CVSS5.5AI score0.00211EPSS

Cvelist•added 2026/06/05 11:28 p.m.•69 views

CVE-2026-9290 WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...

7.5CVSS0.02403EPSS

Exploits0References13

RedhatCVE•added 2026/06/05 7:32 p.m.•8 views

CVE-2026-6711

The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filterinput without a sanitization filter and insufficient output escaping. This makes it possible for...

6.1CVSS5.7AI score0.00215EPSS

Exploits0References1

NVD•added 2026/05/12 9:16 a.m.•8 views

CVE-2026-3604

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kcseoativetab parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.9CVSS0.00229EPSS

Exploits0References5

EUVD•added 2026/05/10 3:31 p.m.•13 views

EUVD-2022-55991

WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrar...

NVD•added 2026/05/10 1:16 p.m.•14 views

CVE-2022-50970

5.4CVSS0.00172EPSS

Cvelist•added 2026/05/10 12:13 p.m.•34 views

CVE-2022-50970 WordPress Plugin AAWP 3.16 Reflected XSS via tab Parameter

5.4CVSS0.00172EPSS

Vulnrichment•added 2026/05/10 12:13 p.m.•8 views

CVE-2022-50970 WordPress Plugin AAWP 3.16 Reflected XSS via tab Parameter

ATTACKERKB•added 2026/05/10 12:13 p.m.•9 views

CVE-2022-50970

Exploits0References3Affected Software1

CVE•added 2026/05/10 12:13 p.m.•14 views

CVE-2022-50970

CVE-2022-50970 affects WordPress Plugin AAWP 3.16. It describes a reflected XSS vulnerability in the aawp-settings admin page, where an attacker can craft a URL with a payload in the tab parameter to execute arbitrary JavaScript in the context of authenticated users. The vulnerability is triggere...

Positive Technologies•added 2026/05/10 12:0 a.m.•12 views

PT-2026-39495