CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 3 hours ago•7 views

CVE-2026-11488

The CVE-2026-11488 entry concerns code-projects Simple Flight Ticket Booking System 1.0. It identifies a SQL injection in the POST Parameter Handler, specifically in checkUser.php via the Username argument. Impact is limited to confidentiality and integrity with a low severity in CVSS metrics, an...

7.5CVSS6.9AI score

Cvelist•added 3 hours ago•4 views

CVE-2026-11488 code-projects Simple Flight Ticket Booking System POST Parameter checkUser.php sql injection

7.5CVSS

EUVD•added 3 hours ago•4 views

EUVD-2026-35019

7.5CVSS6.9AI score

ATTACKERKB•added 3 hours ago•2 views

CVE-2026-11488

7.5CVSS6.9AI score

Exploits0References6Affected Software1

CVE-2021-47984

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

CVE-2021-47983

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

NVD•added 5 hours ago•6 views

CVE-2022-50953

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

6.9CVSS

CVE-2023-54351

WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored an...

7.2CVSS

CVE-2021-47982

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter...

CVE•added 6 hours ago•10 views

CVE-2023-54351

CVE-2023-54351 : WordPress Sonaar Music Plugin 4.7 has a stored XSS vulnerability in the comment functionality. Unauthenticated attackers can submit JavaScript payloads via the comment parameter to wp-comments-post.php, which are stored and later executed in the browsers of users viewing the affe...

7.2CVSS5.2AI score

ATTACKERKB•added 6 hours ago•2 views

CVE-2023-54351

7.2CVSS5.2AI score

Exploits0References2Affected Software1

EUVD•added 6 hours ago•3 views

EUVD-2023-60582

7.2CVSS5.2AI score

Cvelist•added 6 hours ago•7 views

CVE-2023-54351 WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments

7.2CVSS

ATTACKERKB•added 6 hours ago•4 views

CVE-2022-50953

6.9CVSS5.6AI score

Exploits0References3Affected Software1

EUVD•added 6 hours ago•4 views

EUVD-2022-56000

6.9CVSS5.6AI score

CVE•added 6 hours ago•8 views

CVE-2022-50953

The CVE concerns the WordPress plugin admin-word-count-column version 2.2 . A vulnerability allows unauthenticated local file read via crafted requests to download-csv.php, exploiting a null byte injection in the path parameter to bypass restrictions and read arbitrary files (e.g., system configu...

6.9CVSS5.6AI score

Cvelist•added 6 hours ago•8 views

CVE-2022-50953 WordPress Plugin admin-word-count-column 2.2 Local File Read

6.9CVSS

Cvelist•added 6 hours ago•7 views

CVE-2021-47983 WordPress Plugin Stripe Payments 2.0.39 Stored XSS via currency_code