CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

EUVD•added 2026/03/21 6:30 a.m.•0 views

EUVD-2026-14177

The WordPress PayPal Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'donate' shortcode in all versions up to, and including, 1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'amount', 'email'...

6.4CVSS6AI score0.00048EPSS

Exploits0References6

Cvelist•added 2026/03/21 3:26 a.m.•29 views

CVE-2026-4072 WordPress PayPal Donation <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' Shortcode Attribute

6.4CVSS0.00048EPSS

Exploits0References5

ATTACKERKB•added 2026/03/21 3:26 a.m.•1 views

CVE-2026-4072

6.4CVSS6AI score0.00048EPSS

Exploits0References6

Positive Technologies•added 2026/03/21 12:0 a.m.•3 views

PT-2026-26872

6.4CVSS6AI score0.00048EPSS

Exploits0References6

Patchstack•added 2025/01/28 10:41 a.m.•2 views

WordPress Philantro plugin <= 5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via donate Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via donate Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin Philantro versions = 5.3...

6.4CVSS5.8AI score0.00185EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/01/28 12:0 a.m.•1 views

PT-2025-2207 · WordPress · The Philantro – Donations/Donor Management

Name of the Vulnerable Software and Affected Versions: The Philantro – Donations and Donor Management plugin for WordPress versions up to, and including, 5.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes, such as donate, due to insufficient input...

6.4CVSS8.1AI score0.00185EPSS

Exploits0References8

OSV•added 2024/10/26 12:15 p.m.•1 views

CVE-2024-10117

The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfdonate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS6AI score0.00162EPSS

Exploits0References5

Positive Technologies•added 2024/10/26 12:0 a.m.•1 views

PT-2024-16039 · WordPress · Wp Crowdfunding

Name of the Vulnerable Software and Affected Versions: WP Crowdfunding plugin for WordPress versions up to, and including, 2.1.11 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the wpcf donate shortcode. This allows...

6.4CVSS6.9AI score0.00162EPSS

Exploits0References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by