19 matches found

Cvelist
added 2026/04/22 7:45 a.m. · 24 views

CVE-2026-4074 Quran Live Multilanguage <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Th...

CVSS 6.4 · EPSS 0.00378
Exploits 0 · References 13

ATTACKERKB
added 2026/04/14 3:37 a.m. · 0 views

CVE-2026-1607

The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's surbma-bookingcom shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

CVSS 6.4 · AI score 5.9 · EPSS 0.00152
Exploits 0 · References 3

Positive Technologies
added 2026/03/24 12:0 a.m. · 11 views

PT-2026-27301

Name of the Vulnerable Software and Affected Versions: LearnDash LMS plugin for WordPress versions prior to 5.0.4 Description: The software is susceptible to a blind time-based SQL injection through the filtersorderby order parameter within the 'learndash propanel template' AJAX action. This is a...

CVSS 6.5 · AI score 5.8 · EPSS 0.00272
Exploits 0 · References 9

Patchstack
added 2026/01/28 1:33 a.m. · 8 views

WordPress Target Video Easy Publish plugin <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder_img Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder_img Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Target Video Easy Publish versions <= 3.8.8...

CVSS 6.4 · AI score 5.9 · EPSS 0.00245
Exploits 0 · References 1 · Affected Software 1

NVD
added 2025/11/08 10:15 a.m. · 4 views

CVE-2025-12837

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user-supplied values. This makes it possible for authenticated...

CVSS 6.4 · EPSS 0.00195
Exploits 0 · References 4

CVE
added 2025/08/23 4:25 a.m. · 25 views

CVE-2025-9131

CVE-2025-9131 (Ogulo – 360° Tour, WordPress) Vulnerability type: Stored Cross-Site Scripting via the slug parameter in all versions up to and including 1.0.11. Exploitation requires authenticated access at Contributor level or higher; attacker can inject scripts that run when pages are viewed by ...

CVSS 6.4 · AI score 5.7 · EPSS 0.00231
Exploits 0 · References 4

Cvelist
added 2025/08/16 8:27 a.m. · 10 views

CVE-2025-8719 Translate This - Google Translate Web Element Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via base_lang Parameter

The Translate This gTranslate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘base_lang’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 · EPSS 0.00222
Exploits 0 · References 3

RedhatCVE
added 2025/08/14 3:22 a.m. · 10 views

CVE-2025-8685

The Wp chart generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpchart shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 · AI score 6 · EPSS 0.00232
Exploits 0 · References 1

Patchstack
added 2024/12/16 11:34 a.m. · 2 views

WordPress Portfolio – Filterable Masonry Portfolio Gallery for Professionals plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Portfolio – Filterable Masonry Portfolio Gallery for Professionals versions <= 1.2.2...

CVSS 6.4 · AI score 5.7 · EPSS 0.00303
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/08/29 1:2 a.m. · 2 views

WordPress The Post Grid plugin <= 7.7.11 - Authenticated (Contributor+) Information Disclosure vulnerability

Authenticated (Contributor+) Information Disclosure vulnerability discovered by stealthcopter in WordPress Plugin The Post Grid versions <= 7.7.11...

CVSS 4.3 · AI score 6.6 · EPSS 0.00495
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/11/16 12:0 a.m. · 2 views

PT-2023-30385 · WordPress · Marco Milesi Anac Xml Bandi Di Gara Plugin

Name of the Vulnerable Software and Affected Versions: Marco Milesi ANAC XML Bandi di Gara plugin versions = 7.5 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into the website, which...

CVSS 6.5 · AI score 5.6 · EPSS 0.00386
Exploits 0 · References 3

OSV
added 2023/10/18 9:15 a.m. · 3 views

CVE-2023-45059

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gumroad plugin = 3.1.0 versions...

CVSS 5.4 · AI score 7.3 · EPSS 0.0031
Exploits 0 · References 1

Positive Technologies
added 2023/10/10 12:0 a.m. · 6 views

PT-2023-32122 · WordPress · Geo My Wordpress

Name of the Vulnerable Software and Affected Versions: GEO my WordPress plugin versions up to, and including, 4.0 Description: The issue is related to Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping on user-supplied attributes. This allows...

CVSS 6.4 · AI score 5.6 · EPSS 0.00412
Exploits 0 · References 6

OSV
added 2023/08/10 1:15 p.m. · 3 views

CVE-2023-37983

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Noël Jackson Art Direction plugin = 0.2.4 versions...

CVSS 5.4 · AI score 6.7 · EPSS 0.00316
Exploits 0 · References 1

Positive Technologies
added 2023/08/10 12:0 a.m. · 5 views

PT-2023-19213 · Unknown · Muneeb Layer Slider

Name of the Vulnerable Software and Affected Versions: Muneeb Layer Slider plugin versions = 1.1.9.7 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to inject malicious scripts into the website, potentially leading to...

CVSS 6.5 · AI score 5.9 · EPSS 0.00317
Exploits 0 · References 5

OSV
added 2023/05/10 8:15 a.m. · 4 views

CVE-2023-23701

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Andrew @ Geeenville Web Design Easy Sign Up plugin = 3.4.1 versions...

CVSS 5.4 · AI score 6.7 · EPSS 0.00361
Exploits 0 · References 1

OSV
added 2023/04/25 8:15 p.m. · 1 views

CVE-2023-23889

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Fullworks Quick Paypal Payments plugin = 5.7.25 versions...

CVSS 5.4 · AI score 6.7 · EPSS 0.00361
Exploits 0 · References 1

OSV
added 2023/03/30 12:15 p.m. · 4 views

CVE-2023-25040

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin = 5.12.6 versions...

CVSS 5.4 · AI score 6.7 · EPSS 0.00414
Exploits 0 · References 1

OSV
added 2023/03/23 12:15 p.m. · 2 views

CVE-2022-45843

Auth. contributor+ Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin = 3.5.1.9 versions...

CVSS 5.4 · AI score 5.8 · EPSS 0.00383
Exploits 0 · References 1