CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

EUVD•added 2026/05/05 6:31 a.m.•4 views

EUVD-2026-27181

The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...

6.4CVSS6AI score0.00034EPSS

Exploits0References5

NVD•added 2026/05/05 4:16 a.m.•3 views

CVE-2026-4665

6.4CVSS0.00034EPSS

Exploits0References4

Cvelist•added 2026/05/05 3:37 a.m.•31 views

CVE-2026-4665 WP Carousel Free <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-caption' Attribute

6.4CVSS0.00034EPSS

Exploits0References4

ATTACKERKB•added 2026/05/05 3:37 a.m.•1 views

CVE-2026-4665

6.4CVSS6AI score0.00034EPSS

Exploits0References5

CVE•added 2026/05/05 3:37 a.m.•5 views

CVE-2026-4665

The CVE-2026-4665 entry concerns the WP Carousel Free plugin for WordPress (versions up to 2.7.10). Concrete details from connected documents describe a Stored Cross-Site Scripting flaw in the handling of fancybox data-caption attributes. The root cause is the fancybox-config.js logic reading the...

6.4CVSS6AI score0.00034EPSS

Exploits0References4

Vulnrichment•added 2026/05/05 3:37 a.m.•2 views

CVE-2026-4665 WP Carousel Free <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-caption' Attribute

6.4CVSS6AI score0.00034EPSS

Exploits0References4

Positive Technologies•added 2026/05/05 12:0 a.m.•4 views

PT-2026-36965

6.4CVSS6AI score0.00034EPSS

Exploits0References5

RedhatCVE•added 2026/01/07 9:16 a.m.•2 views

CVE-2025-4776

The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scripting via the data-caption HTML attribute in all versions up to, and including, 2.17.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS4.9AI score0.00028EPSS

Exploits0References1

Vulnrichment•added 2026/01/06 6:36 a.m.•1 views

CVE-2025-4776 Phlox <= 2.17.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute

6.4CVSS4.7AI score0.00028EPSS

Exploits0References2

CVE•added 2026/01/06 6:36 a.m.•6 views

CVE-2025-4776

The Phlox theme for WordPress (Phlox) is affected by CVE-2025-4776: a Stored XSS via the data-caption attribute in Phlox versions up to and including 2.17.7. Exploitation requires authentication with Contributor-level access or higher and can allow injection of arbitrary scripts that run when use...

6.4CVSS4.7AI score0.00028EPSS

Exploits0References2

Cvelist•added 2026/01/06 6:36 a.m.•24 views

CVE-2025-4776 Phlox <= 2.17.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute

6.4CVSS0.00028EPSS

Exploits0References2

Positive Technologies•added 2026/01/06 12:0 a.m.•2 views

PT-2026-1417

Name of the Vulnerable Software and Affected Versions Phlox theme for WordPress versions through 2.17.7 Description The Phlox theme for WordPress is susceptible to Stored Cross-Site Scripting through the data-caption HTML attribute. Insufficient input sanitization and output escaping allow...

6.4CVSS5.2AI score0.00028EPSS

Exploits0References6

Patchstack•added 2026/01/05 10:10 p.m.•3 views

WordPress Phlox plugin <= 2.17.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute vulnerability

Software : Phlox Type : Theme Vulnerable versions : = 2.17.7 Fixed in : 2.17.11 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-4776 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID :...

6.4CVSS6.1AI score0.00028EPSS

Exploits0Affected Software1

Patchstack•added 2026/01/05 10:10 p.m.•3 views

WordPress Phlox plugin <= 2.17.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via data-caption HTML Attribute vulnerability discovered by Webbernaut in WordPress Theme Phlox versions = 2.17.7...

6.4CVSS5.7AI score0.00028EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-27056

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00053EPSS

Exploits0References3

RedhatCVE•added 2025/09/08 2:9 a.m.•3 views

CVE-2025-6067

The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-caption and data-linktext parameters in all versions up to, and including, 6.6.7 due to insufficient input sanitization and output escaping. This make...

6.4CVSS5.1AI score0.00053EPSS

Exploits0References1

NVD•added 2025/09/06 2:15 a.m.•1 views

CVE-2025-6067

6.4CVSS0.00053EPSS

Exploits0References3

CVE•added 2025/09/06 1:47 a.m.•14 views

CVE-2025-6067

Summary: CVE-2025-6067 affects the WordPress plugin “Easy Social Feed – Social Photos Gallery – Post Feed – Like Box” (versions up to 6.6.7). It exposes a stored DOM-based cross-site scripting vulnerability via the data-caption and data-linktext parameters, exploitable by authenticated users with...

6.4CVSS4.7AI score0.00053EPSS

Exploits0References3

Vulnrichment•added 2025/09/06 1:47 a.m.•1 views

CVE-2025-6067 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00053EPSS

Exploits0References3

Cvelist•added 2025/09/06 1:47 a.m.•5 views

CVE-2025-6067 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

6.4CVSS0.00053EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by