CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

226 matches found

Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. i...

7.2CVSS6.3AI score0.01353EPSS

Exploits1References4

NVD•added 2026/06/16 6:16 a.m.•11 views

CVE-2026-9187

The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the actionremoveabandoned function, which is registered to both the...

5.3CVSS0.00228EPSS

Exploits0References4

EUVD•added 2026/06/16 4:30 a.m.•11 views

EUVD-2026-37032

5.3CVSS5.4AI score0.00228EPSS

Exploits0References4

Cvelist•added 2026/06/16 4:30 a.m.•29 views

CVE-2026-9187 Abandoned Contact Form 7 <= 2.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion via 'recover_id' Parameter

5.3CVSS0.00228EPSS

Exploits0References4

Positive Technologies•added 2026/06/16 12:0 a.m.•9 views

PT-2026-49620

The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the action remove abandoned function, which is registered to both the wp ajax...

5.3CVSS5.5AI score0.00228EPSS

Exploits0References5

Patchstack•added 2026/06/15 4:26 p.m.•5 views

WordPress Abandoned Contact Form 7 plugin <= 2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by g0wthr in WordPress Plugin Abandoned Contact Form 7 versions = 2.5...

5.3CVSS5.2AI score0.00228EPSS

Exploits0References1Affected Software1

The Hacker News•added 2026/06/12 7:33 p.m.•27 views

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Attackers took over more than 400 packages in the Arch User Repository AUR this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF...

5.6AI score

Exploits0

Positive Technologies•added 2026/05/01 12:0 a.m.•13 views

PT-2026-36320

Unauthenticated Cross Site Scripting XSS in Contact Form to Any API = 3.0.3 versions...

7.1CVSS5.1AI score0.00175EPSS

Exploits0References3

CNNVD•added 2026/04/22 12:0 a.m.•8 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the netfs mechanism’s issue during retries when reading abandoned files. This issue may lead to...

8.8CVSS7.1AI score0.00342EPSS

Exploits0References1

Wired Threat Level•added 2026/03/31 1:38 p.m.•5 views

The Broken System That Keeps Shipping Crews Stranded in the Strait of Hormuz

Vessels are increasingly being abandoned during the war on Iran, revealing a hidden failure in the global systems that keep goods—and people—moving...

5.9AI score

Exploits0

CNVD•added 2026/03/31 12:0 a.m.•3 views

WordPress Plugin Abandoned Cart Recovery for WooCommerce Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Abandoned Cart Recovery for WooCommerce has a cross-site scripting vulnerabili...

7.1CVSS6AI score0.00175EPSS

Exploits0

RedhatCVE•added 2026/03/26 5:2 p.m.•3 views

CVE-2026-32526

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Stored XSS.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.10...

7.1CVSS5.8AI score0.00175EPSS

Exploits0References1

EUVD•added 2026/03/25 6:31 p.m.•5 views

EUVD-2026-15891

7.1CVSS5.8AI score0.00175EPSS

Exploits0References2

NVD•added 2026/03/25 5:17 p.m.•4 views

CVE-2026-32526

7.1CVSS0.00175EPSS

Exploits0References1

Cvelist•added 2026/03/25 4:15 p.m.•21 views

CVE-2026-32526 WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00175EPSS

Exploits0References1

ATTACKERKB•added 2026/03/25 4:15 p.m.•2 views

CVE-2026-32526

5.8AI score0.00175EPSS

Exploits0References2

Vulnrichment•added 2026/03/25 4:15 p.m.•3 views

CVE-2026-32526 WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability

7.1CVSS5.8AI score0.00175EPSS

Exploits0References1

CVE•added 2026/03/25 4:15 p.m.•7 views

CVE-2026-32526

CVE-2026-32526 affects the WordPress plugin VillaTheme Abandoned Cart Recovery for WooCommerce (woo-abandoned-cart-recovery), version range: = 1.1.11) or apply vendor-provided fixes where available. Documentation in connected sources consistently identifies this as a Stored XSS affecting the plug...

7.1CVSS5.8AI score0.00175EPSS

Exploits0References1

Positive Technologies•added 2026/03/25 12:0 a.m.•3 views

PT-2026-28040

Name of the Vulnerable Software and Affected Versions VillaTheme Abandoned Cart Recovery for WooCommerce versions through 1.1.10 Description The software contains an Improper Neutralization of Input During Web Page Generation issue, specifically a Cross-site Scripting condition. This allows for...

7.1CVSS5.9AI score0.00175EPSS

Exploits0References5

CNNVD•added 2026/03/25 12:0 a.m.•6 views

WordPress plugin Abandoned Cart Recovery for WooCommerce 安全漏洞

7.1CVSS5.8AI score0.00175EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by