CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/27 7:45 a.m.•25 views

CVE-2026-3001 Gutenverse <= 3.4.6 - Reflected Cross-Site Scripting via 's' Parameter

6.1CVSS0.00089EPSS

Vulnrichment•added 2026/05/27 7:45 a.m.•8 views

CVE-2026-3001 Gutenverse <= 3.4.6 - Reflected Cross-Site Scripting via 's' Parameter

CVE•added 2026/05/27 7:45 a.m.•12 views

CVE-2026-3001

The CWE: CVE-2026-3001 affects the Gutenverse WordPress plugin, up to version 3.4.6. The vulnerability is a Reflected Cross-Site Scripting (XSS) in the search title block: render_content() echoes get_query_var('s') directly into HTML without escaping, enabling an attacker to craft a URL that inje...

ATTACKERKB•added 2026/05/27 7:45 a.m.•7 views

CVE-2026-3001

EUVD•added 2026/05/27 7:45 a.m.•6 views

Exploits0References4

EUVD-2026-32114

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-43544

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the render content method in class-search-result-title.php outputs the...

CNNVD•added 2026/05/27 12:0 a.m.•5 views

Exploits0References4

WordPress plugin Gutenverse 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.7AI score0.00089EPSS

RedhatCVE•added 2026/05/06 8:21 p.m.•4 views

CVE-2026-2868

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00037EPSS

Exploits0References1

RedhatCVE•added 2026/05/06 8:21 p.m.•2 views

CVE-2026-2948

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the importimages function. This makes it possible for authenticated attackers, with contributor-level access and above, t...

NVD•added 2026/05/05 4:16 a.m.•2 views

Exploits0References1

CVE-2026-2948

6.4CVSS0.00032EPSS

Cvelist•added 2026/05/05 3:37 a.m.•30 views

CVE-2026-2948 Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Server-Side Request Forgery via 'imageUrl'

6.4CVSS0.00032EPSS

Vulnrichment•added 2026/05/05 3:37 a.m.•3 views

CVE-2026-2948 Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Server-Side Request Forgery via 'imageUrl'

ATTACKERKB•added 2026/05/05 3:37 a.m.•0 views

CVE-2026-2948

CVE•added 2026/05/05 3:37 a.m.•8 views

CVE-2026-2948

The vulnerability CVE-2026-2948 affects the Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress (versions ≤ 3.5.3). It permits Server-Side Request Forgery via the import_images() function, exploitable by authenticated users with contributor-level access or higher. T...

EUVD•added 2026/05/05 3:31 a.m.•4 views

EUVD-2026-27171

6.4CVSS6AI score0.00037EPSS

NVD•added 2026/05/05 3:15 a.m.•3 views

CVE-2026-2868

6.4CVSS0.00037EPSS

Vulnrichment•added 2026/05/05 2:26 a.m.•5 views

CVE-2026-2868 Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'separatorIconSVG'

6.4CVSS6AI score0.00037EPSS