CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

59 matches found

EUVD•added 2026/03/18 3:32 a.m.•2 views

EUVD-2026-12742

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmzacustomjs’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the...

6.4CVSS5.9AI score0.00043EPSS

Exploits0References3

NVD•added 2026/03/18 2:16 a.m.•3 views

CVE-2026-4268

6.4CVSS0.00043EPSS

Exploits0References2

Positive Technologies•added 2026/03/18 12:0 a.m.•2 views

PT-2026-26022

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmza custom js’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the 'admin post...

6.4CVSS6AI score0.00043EPSS

Exploits0References6

CNNVD•added 2026/02/21 12:0 a.m.•3 views

OneUptime 代码注入漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime 9.5.13 and earlier contain a code injection vulnerability. This vulnerability stems from the use of the unsafe node:vm module in the custom...

9.9CVSS6AI score0.00028EPSS

Exploits2References2

RedhatCVE•added 2026/01/22 5:34 p.m.•2 views

CVE-2021-47860

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...

8.5CVSS6AI score0.00136EPSS

Exploits1References1

NVD•added 2026/01/21 6:16 p.m.•1 views

CVE-2021-47860

8.5CVSS0.00136EPSS

Exploits1References6

CVE•added 2026/01/21 5:29 p.m.•2 views

CVE-2021-47860

CVE-2021-47860 concerns GetSimple CMS Custom JS 0.1. The vulnerability is a cross-site request forgery that can enable unauthenticated attackers to inject arbitrary client-side code into administrator browsers, potentially triggering a reflected XSS payload to execute remote code on the hosting s...

8.5CVSS6AI score0.00136EPSS

Exploits1References6Affected Software1

EUVD•added 2025/12/23 11:13 a.m.•2 views

EUVD-2025-204795

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hapagecustomjs' parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS4.7AI score0.00037EPSS

Exploits0References5

CVE•added 2025/12/23 11:13 a.m.•9 views

CVE-2025-14635

CVE-2025-14635 concerns the Happy Addons for Elementor WordPress plugin. The connected Wordfence report explicitly ties this to an authenticated stored cross-site scripting (XSS) vulnerability via the ha_page_custom_js parameter, affecting version range up to and including 3.20.3. Root cause: ins...

6.4CVSS4.8AI score0.00037EPSS

Exploits0References4

Vulnrichment•added 2025/12/23 11:13 a.m.•2 views

CVE-2025-14635 Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS

6.4CVSS4.8AI score0.00037EPSS

Exploits0References4

Cvelist•added 2025/12/23 11:13 a.m.•18 views

CVE-2025-14635 Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS

6.4CVSS0.00037EPSS

Exploits0References4

Positive Technologies•added 2025/12/23 12:0 a.m.•1 views

PT-2025-52736

Name of the Vulnerable Software and Affected Versions Happy Addons for Elementor versions up to and including 3.20.3 Description The Happy Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the ha page custom js parameter. Insufficient input sanitizati...

6.4CVSS5.1AI score0.00037EPSS

Exploits0References7

RedhatCVE•added 2025/11/22 8:35 a.m.•4 views

CVE-2025-11003

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uipsaveuitemplate' function in all versions up to, and including, 3.5.08. This makes it possible for...

6.4CVSS5.1AI score0.00034EPSS

Exploits0References1

NVD•added 2025/11/21 8:15 a.m.•1 views

CVE-2025-11003

6.4CVSS0.00034EPSS

Exploits0References3

EUVD•added 2025/11/21 7:31 a.m.•1 views

EUVD-2025-198421

6.4CVSS4.6AI score0.00034EPSS

Exploits0References4

RedhatCVE•added 2025/10/16 7:56 a.m.•2 views

CVE-2025-11160

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input sanitization and output escaping of user-supplied JavaScript code in the Custom JS module. This makes...

6.4CVSS5.1AI score0.00024EPSS

Exploits0References1

OSV•added 2025/10/15 7:15 a.m.•0 views

CVE-2025-11160

5.4CVSS6AI score

Exploits0References2

Vulnrichment•added 2025/10/15 6:43 a.m.•2 views

CVE-2025-11160 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module

6.4CVSS4.8AI score0.00024EPSS

Exploits0References2

CVE•added 2025/10/15 6:43 a.m.•9 views

CVE-2025-11160

The CVE CVE-2025-11160 applies to the WPBakery Page Builder (WordPress) and is a stored XSS via the Custom JS module in all versions up to 8.6.1. The vulnerability arises from insufficient input sanitization and output escaping of user-supplied JavaScript, enabling authenticated users with contri...

6.4CVSS4.8AI score0.00024EPSS

Exploits0References2Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-6222

Malware in sbrugna...

6.1CVSS6.3AI score0.00604EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by