7 matches found

Patchstack
added 2026/04/13 9:23 a.m., 2 views

WordPress UsersWP plugin <= 1.2.60 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution vulnerability

Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin UsersWP versions <= 1.2.60...

CVSS 6.4, AI score 5.8, EPSS 0.00073
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2026/04/09 6:30 a.m., 1 views

EUVD-2026-20846

The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...

CVSS 6.4, AI score 6.1, EPSS 0.00073
Exploits: 0, References: 11

Cvelist
added 2026/04/09 3:25 a.m., 25 views

CVE-2026-5742 UsersWP <= 1.2.60 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution

The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...

CVSS 6.4, EPSS 0.00073
Exploits: 0, References: 10

Positive Technologies
added 2026/04/09 12:0 a.m., 0 views

PT-2026-31579

Name of the Vulnerable Software and Affected Versions: UsersWP plugin for WordPress versions up to and including 1.2.60. Description: The UsersWP plugin for WordPress is susceptible to Stored Cross-Site Scripting. Insufficient input sanitization of user-supplied URL fields and improper output escapi...

CVSS 6.4, AI score 5.9, EPSS 0.00073
Exploits: 0, References: 13

EUVD
added 2025/11/22 9:31 a.m., 1 views

EUVD-2025-198532

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the dex_bccf_check_IPN_verification function. This makes it possible for unauthenticated...

CVSS 5.3, AI score 5.5, EPSS 0.00161
Exploits: 0, References: 5

Vulnrichment
added 2025/11/22 8:30 a.m., 1 views

CVE-2025-13318 Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the dex_bccf_check_IPN_verification function. This makes it possible for unauthenticated...

CVSS 5.3, AI score 5.6, EPSS 0.00161
Exploits: 0, References: 4

Positive Technologies
added 2025/11/22 12:0 a.m., 1 views

PT-2025-47834

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the dex_bccf_check_IPN_verification function. This makes it possible for...

CVSS 5.3, AI score 5.9, EPSS 0.00161
Exploits: 0, References: 5