CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2 days ago•8 views

CVE-2026-12098

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'embed' Episode Meta Field in all versions up to, and including, 11.16.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

6.4CVSS0.00202EPSS

EUVD•added 2 days ago•5 views

EUVD-2026-37867

6.4CVSS5.6AI score0.00255EPSS

CVE•added 2 days ago•10 views

CVE-2026-8039

The CVE-2026-8039 entry concerns the WordPress plugin Fancy Testimonials (versions ≤ 1.0). It describes a Stored Cross-Site Scripting (XSS) vulnerability via the author attribute of the testimonial shortcode, caused by insufficient input sanitization/output escaping. Impacted condition: authentic...

6.4CVSS5.5AI score0.00255EPSS

Cvelist•added 2 days ago•19 views

CVE-2026-8039 Fancy Testimonials <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting

6.4CVSS0.00255EPSS

EUVD•added 2 days ago•5 views

EUVD-2026-37862

6.4CVSS5.4AI score0.00202EPSS

Cvelist•added 2 days ago•20 views

CVE-2026-12098 PowerPress Podcasting plugin by Blubrry <= 11.16.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'embed' Episode Meta Field

6.4CVSS0.00202EPSS

CVE•added 2 days ago•11 views

CVE-2026-12098

CVE-2026-12098 affects the WordPress PowerPress Podcasting plugin by Blubrry up to version 11.16.8. The vulnerability is a Stored Cross-Site Scripting via the embed Episode Meta Field, caused by insufficient input sanitization and output escaping. The embed value is stored with update_post_meta()...

6.4CVSS5.4AI score0.00202EPSS

NVD•added 2 days ago•8 views

CVE-2026-9860

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...

8.8CVSS0.00577EPSS

Cvelist•added 2 days ago•26 views

CVE-2026-11784 Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization <= 4.2.6 - Cross-Site Request Forgery via 'optml_replace_file' AJAX Action

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replacefile function. This makes it...

4.3CVSS0.00129EPSS

Exploits1References6

EUVD•added 2 days ago•7 views

EUVD-2026-37840

8.8CVSS6AI score0.00577EPSS

Cvelist•added 2 days ago•23 views

CVE-2026-9860 Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action

8.8CVSS0.00577EPSS

CVE•added 2 days ago•21 views

CVE-2026-9860

The CVE-2026-9860 entry concerns the WordPress plugin “Offload, AI & Optimize with Cloudflare Images” (versions

8.8CVSS6AI score0.00577EPSS

EUVD•added 2 days ago•6 views

EUVD-2026-37837

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3CVSS5.3AI score0.00245EPSS

Cvelist•added 2 days ago•21 views

CVE-2026-9199 Equalize Digital Accessibility Checker <= 1.42.1 - Missing Authorization to Authenticated (Author+) Arbitrary Accessibility Issue Modification via 'largeBatch' Parameter

4.3CVSS0.00245EPSS

CVE•added 2 days ago•15 views

CVE-2026-9199

The CVE-2026-9199 entry concerns the WordPress plugin Equalize Digital Accessibility Checker (WCAG/ADA/EAA/Section 508) up to version 1.42.1. The root cause is missing authorization verification, allowing authenticated users with author-level access and above to modify accessibility issue records...

4.3CVSS5.4AI score0.00245EPSS