CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15429 matches found

WordPress Core <6.5.2 - Cross-Site Scripting

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. id: CVE-2024-4439 info: name: WordPress Core 6.5.2 - Cross-Site Scripting author: nqdung2002 severity: hi...

7.2CVSS7AI score0.70822EPSS

Exploits4References2

NVD•added 3 days ago•9 views

CVE-2026-9233

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00272EPSS

Exploits0References12

NVD•added 3 days ago•7 views

CVE-2026-13295

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panelsdata Parameter in all versions up to, and including, 2.34.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00241EPSS

Exploits0References10

NVD•added 3 days ago•8 views

CVE-2026-11597

The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode...

6.4CVSS0.00193EPSS

Exploits0References5

EUVD•added 3 days ago•8 views

EUVD-2026-39956

6.4CVSS5.9AI score0.00193EPSS

Exploits0References5

CVE•added 3 days ago•13 views

CVE-2026-13295

The CVE-2026-13295 entry concerns the Page Builder by SiteOrigin WordPress plugin. A stored XSS vulnerability affects all versions up to 2.34.3, caused by insufficient input sanitization and output escaping of the panels_data parameter. Authenticated users with Contributor-level access and above ...

6.4CVSS6AI score0.00241EPSS

Exploits0References10

EUVD•added 3 days ago•8 views

EUVD-2026-39952

4.3CVSS5.9AI score0.00272EPSS

Exploits0References12

Cvelist•added 3 days ago•31 views

CVE-2026-9233 Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action

4.3CVSS0.00272EPSS

Exploits0References12

NVD•added 3 days ago•7 views

CVE-2026-13335

The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpmpoint' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.0021EPSS

Exploits0References8

EUVD•added 3 days ago•6 views

EUVD-2026-39929

6.4CVSS5.9AI score0.0021EPSS

Exploits0References8

CVE•added 3 days ago•13 views

CVE-2026-13335

The CodePeople Post Map for Google Maps WordPress plugin is vulnerable to Stored XSS via the 'cpm_point' Post Meta in all versions up to 1.2.6 due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can inject arbitrary scripts t...

6.4CVSS5.9AI score0.0021EPSS

Exploits0References8

Cvelist•added 3 days ago•37 views

CVE-2026-13335 CodePeople Post Map for Google Maps <= 1.2.6 - Authenticated (Contributor +) Stored Cross-Site Scripting via 'cpm_point' Post Meta

6.4CVSS0.0021EPSS

Exploits0References8

NVD•added 4 days ago•7 views

CVE-2026-57651

Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...

6.5CVSS0.0013EPSS

Exploits0References1

NVD•added 4 days ago•6 views