CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

98 matches found

EUVD•added 2026/04/08 9:32 p.m.•4 views

EUVD-2024-33399

The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's beds24-link shortcode in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS7.4AI score0.00563EPSS

Exploits0References5

Github Security Blog•added 2026/03/31 11:10 p.m.•5 views

Admidio has Missing CSRF Protections on Custom List Deletion in mylist_function.php

Reported by: Juan Felipe Oz @JF0x0r LinkedIn Summary The delete mode handler in mylistfunction.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently destroy that user's list configurations —...

4.6CVSS6AI score0.00123EPSS

Exploits1References4Affected Software1

ATTACKERKB•added 2026/03/26 3:37 a.m.•1 views

CVE-2026-4278

The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdcmenu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' an...

6.4CVSS6AI score0.00239EPSS

Exploits0References11

RedhatCVE•added 2026/01/09 9:26 a.m.•8 views

CVE-2023-4941

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsswap function. This makes it possible for authenticated attackers subscriber or higher to manipulate products...

4.3CVSS6.4AI score0.00479EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:17 a.m.•3 views

CVE-2025-1008

The Recently Purchased Products For Woo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘view’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00282EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:15 a.m.•4 views

CVE-2024-2801

The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'imageslide' shortcode in all versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6.1AI score0.00434EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:14 a.m.•7 views

CVE-2024-2946

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input sanitization...

6.4CVSS6AI score0.0034EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:13 a.m.•6 views

CVE-2024-2664

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00451EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2017-10166

Malware in sbrugna...

3.5CVSS3.9AI score0.00604EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-10325

Malicious code in bioql PyPI...

6.5CVSS7.3AI score0.00291EPSS

Exploits0References3