CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

231 matches found

CVE-2026-12430 Blocksy Companion <= 2.1.45 - Authenticated (Editor+) Stored Cross-Site Scripting via 'product_description' Parameter

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...

4.4CVSS0.00208EPSS

Exploits0References8

CVE•added 5 days ago•12 views

CVE-2026-12430

The CVE-2026-12430 entry concerns the Blocksy Companion WordPress plugin (

4.4CVSS5.9AI score0.00208EPSS

Exploits0References8

Cvelist•added 6 days ago•26 views

CVE-2026-11358 Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu-item-icon' Parameter

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it...

4.4CVSS0.00203EPSS

Exploits0References6

CVE•added 6 days ago•22 views

CVE-2026-11358

The CVE concerns the Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress (versions up to 3.0.6). The vulnerability is a Stored Cross-Site Scripting flaw arising from insufficient input sanitization and output escaping in admin settings. It a...

4.4CVSS5.5AI score0.00203EPSS

Exploits0References6

RedhatCVE•added 2026/06/05 7:42 p.m.•5 views

CVE-2025-5085

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS5.6AI score0.00201EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:37 p.m.•7 views

CVE-2026-3574

The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields including 'Navigation Font Size', 'Navigation Font Weight', 'Heading Font Size', 'Heading Font Weight', 'Text Font Size', and 'Text Font Weight' in all versions...

4.4CVSS5.6AI score0.00207EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:37 p.m.•7 views

CVE-2026-3348

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS5.6AI score0.00237EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:37 p.m.•9 views

CVE-2026-3362

The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization no sanitize callback on registersetting and missing output escaping no escattr ...

4.4CVSS5.7AI score0.00373EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:34 p.m.•8 views

CVE-2026-1379

The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS5.6AI score0.0029EPSS

Exploits0References1

Cvelist•added 2026/06/02 7:48 a.m.•40 views

CVE-2025-5085 wp-nano-ad <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting via blogrole_link Parameter

5.5CVSS0.00201EPSS

Exploits0References4

Positive Technologies•added 2026/06/02 12:0 a.m.•10 views

PT-2026-45698

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS6AI score0.00201EPSS

Exploits0References6

EUVD•added 2026/05/27 9:27 a.m.•12 views

EUVD-2026-32176

The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linktitle' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access...

4.8CVSS6AI score0.0023EPSS

Exploits0References5

CVE•added 2026/05/27 9:27 a.m.•20 views

CVE-2026-3348

Summary: CVE-2026-3348 affects the MinhNhut Link Gateway WordPress plugin up to version 3.6.1. The issue is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping in plugin settings (Description, Title, and other fields). Exploitation requires authenticat...

4.4CVSS6AI score0.00237EPSS

Exploits0References3

Cvelist•added 2026/05/27 9:27 a.m.•29 views

CVE-2026-2288 myLinksDump <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'link_title' Parameter

4.8CVSS0.0023EPSS

Exploits0References5

Positive Technologies•added 2026/05/27 12:0 a.m.•10 views

PT-2026-43635

Name of the Vulnerable Software and Affected Versions MinhNhut Link Gateway versions prior to 3.6.2 Description The MinhNhut Link Gateway plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping within the plugin settings,...

4.4CVSS5.9AI score0.00237EPSS

Exploits0References6

Vulnrichment•added 2026/05/13 4:26 a.m.•6 views

CVE-2025-9989 Broadstreet <= 1.53.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS6AI score0.0019EPSS

Exploits0References2

ATTACKERKB•added 2026/05/13 4:26 a.m.•7 views

CVE-2025-9989

4.4CVSS6AI score0.0019EPSS

Exploits0References3

CVE•added 2026/05/13 4:26 a.m.•13 views

CVE-2025-9989

CVE-2025-9989 – Broadstreet WordPress plugin : The vulnerability affects Broadstreet plugin versions

4.4CVSS6AI score0.0019EPSS

Exploits0References2

EUVD•added 2026/05/12 12:32 p.m.•27 views

EUVD-2026-29444

The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS6AI score0.00195EPSS

Exploits0References6

ATTACKERKB•added 2026/05/12 9:29 a.m.•4 views

CVE-2026-6800

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS6AI score0.00195EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by