
54 matches found

Cvelist
added 4 days ago, 24 views

CVE-2024-49269 WordPress my flatonica theme <= 0.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions...

CVSS: 7.1, EPSS: 0.00241
Exploits: 0, References: 1

NVD
added 6 days ago, 4 views

CVE-2026-42649

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

CVSS: 7.1, EPSS: 0.00175
Exploits: 0, References: 1

NVD
added 6 days ago, 3 views

CVE-2026-39514

Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...

CVSS: 7.1, EPSS: 0.00175
Exploits: 0, References: 1

Vulnrichment
added 6 days ago, 6 views

CVE-2026-52702 WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions...

CVSS: 7.1, AI score: 5.1, EPSS: 0.00149
Exploits: 0, References: 1

Positive Technologies
added 6 days ago, 8 views

PT-2026-49354

Unauthenticated Cross Site Scripting XSS in Redirection for Contact Form 7 = 3.2.8 versions...

CVSS: 7.1, AI score: 5.1, EPSS: 0.00281
Exploits: 0, References: 2

Vulnrichment
added 2026/06/13 5:32 a.m., 6 views

CVE-2026-9109 GPTranslate <= 2.31 - Unauthenticated Stored Cross-Site Scripting via REST API Translation Storage

The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping...

CVSS: 7.2, AI score: 5.5, EPSS: 0.0033
Exploits: 0, References: 12

Patchstack
added 2026/05/29 1:33 p.m., 15 views

WordPress LiteSpeed Cache plugin <= 7.7 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin LiteSpeed Cache versions <= 7.7...

CVSS: 7.2, AI score: 5.8, EPSS: 0.00252
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2026/05/15 7:17 p.m., 6 views

CVE-2026-45622

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting XSS issue in the public product return form in Vvveb CMS. The customerorderid POST parameter is inserted into the...

CVSS: 5.3, EPSS: 0.00258
Exploits: 0, References: 1

EUVD
added 2026/05/02 5:29 a.m., 20 views

EUVD-2026-26744

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping of Calculation Product field product names when rendered inside Repeater fields. The validat...

CVSS: 7.2, AI score: 6, EPSS: 0.00232
Exploits: 0, References: 2

Patchstack
added 2026/05/01 9:32 a.m., 3 views

WordPress EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder plugin <= 2.5.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin EazyDocs versions <= 2.5.7...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00276
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/05/01 9:31 a.m., 4 views

WordPress Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce plugin <= 1.10.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Location Picker at Checkout for WooCommerce versions <= 1.10.6...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00276
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/04/06 2:35 p.m., 22 views

CVE-2026-26027 GLPI has an Unauthenticated Stored XSS via inventory

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6...

CVSS: 7.5, EPSS: 0.00191
Exploits: 0, References: 1

Patchstack
added 2026/02/18 8:16 a.m., 4 views

WordPress ARForms plugin <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability

Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability discovered by drop in WordPress Plugin ARForms Form Builder versions <= 1.5.8...

CVSS: 7.2, AI score: 5.5, EPSS: 0.00374
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/02/18 12:0 a.m., 5 views

PT-2026-20513

Name of the Vulnerable Software and Affected Versions: MajorDoMo versions (affected versions not specified). Description: MajorDoMo contains a stored cross-site scripting (XSS) issue through the /objects/?op=set API endpoint. This endpoint is intentionally unauthenticated for integration with IoT device...

CVSS: 7.2, AI score: 5.1, EPSS: 0.00196
Exploits: 1, References: 6

CVE
added 2026/02/11 8:26 a.m., 16 views

CVE-2025-15440

The affected product is the WordPress plugin iONE360 configurator. It is vulnerable to a Stored Cross‑Site Scripting (XSS) in the Contact Form parameters in all versions up to and including 2.0.57, caused by insufficient input sanitization and output escaping. This allows unauthenticated attack...

CVSS: 7.2, AI score: 5.7, EPSS: 0.00377
Exploits: 0, References: 9

CVE
added 2025/11/19 7:46 a.m., 17 views

CVE-2025-13206

CVE-2025-13206 affects the WordPress GiveWP – Donation Plugin and Fundraising Platform. The vulnerability is a stored cross-site scripting flaw in the name parameter present in all versions up to and including 4.13.0, caused by insufficient input sanitization and output escaping. It allows unauth...

CVSS: 7.2, AI score: 5, EPSS: 0.00217
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2025/11/06 12:0 a.m., 8 views

CVE-2025-63588

An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request e.g., a maliciously crafted POST login. Successful exploitation may lead to theft of...

EPSS: 0.00286
Exploits: 1, References: 2

RedhatCVE
added 2025/05/23 5:17 a.m., 3 views

CVE-2023-30747

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPGem WooCommerce Easy Duplicate Product plugin = 0.3.0.0 versions...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00379
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 5:14 a.m., 5 views

CVE-2023-41861

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Restrict plugin = 2.2.4 versions...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00351
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 3:19 a.m., 2 views

CVE-2023-23849

Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes...

CVSS: 8.1, AI score: 6.4, EPSS: 0.01298
Exploits: 0, References: 1