CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/01/14 5:28 a.m.•1 views

EUVD-2026-2546

The AJS Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notelistclass' and 'popupdisplayeffectin' parameters in all versions up to, and including, 1.0 due to missing authorization and nonce verification on settings save, as well as insufficient input...

7.2CVSS4.8AI score0.00061EPSS

EUVD•added 2026/01/14 5:28 a.m.•2 views

EUVD-2026-2534

The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS6.1AI score0.00041EPSS

EUVD•added 2026/01/14 5:28 a.m.•2 views

EUVD-2026-2545

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'namedirectoryname' and 'namedirectorydescription' parameters in all versions up to, and including, 1.30.3 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS4.8AI score0.00069EPSS

EUVD•added 2026/01/14 5:28 a.m.•1 views

EUVD-2026-2560

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS4.8AI score0.00011EPSS

EUVD•added 2026/01/14 5:28 a.m.•3 views

EUVD-2026-2540

The Internal Link Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS4.6AI score0.0004EPSS

EUVD•added 2026/01/14 5:28 a.m.•3 views

EUVD-2026-2557

The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's remote sync settings via a forged request granted...

4.3CVSS5.1AI score0.00027EPSS

EUVD•added 2026/01/14 3:30 a.m.•1 views

EUVD-2026-2566

EUVD-2026-2566...

5.7CVSS6.4AI score0.00004EPSS

Exploits0References2

EUVD•added 2026/01/14 2:38 a.m.•1 views

EUVD-2026-2577

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

6.2CVSS6.4AI score0.0001EPSS

Exploits0References7

EUVD•added 2026/01/14 2:5 a.m.•3 views

EUVD-2026-2562

Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function...

7.8CVSS6.4AI score0.0001EPSS

EUVD•added 2026/01/14 2:2 a.m.•1 views

EUVD-2026-2570

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability...

5.1CVSS6.3AI score0.00003EPSS

EUVD•added 2026/01/14 2:1 a.m.•1 views

EUVD-2026-2574

Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability...

8.4CVSS6.3AI score0.00003EPSS

EUVD•added 2026/01/14 12:31 a.m.•2 views

EUVD-2026-2590

EUVD-2026-2590...

8.8CVSS6.4AI score0.00064EPSS

EUVD•added 2026/01/14 12:31 a.m.•1 views

EUVD-2026-2593

EUVD-2026-2593...

8.8CVSS6.4AI score0.00242EPSS