CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

80 matches found

WordPress InPost Gallery <2.1.4.1 - Local File Inclusion

WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on...

9.8CVSS7.4AI score0.09519EPSS

Exploits2References5

NVD•added 2026/06/16 10:16 a.m.•8 views

CVE-2026-39574

Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...

9.3CVSS0.00234EPSS

Exploits0References1

EUVD•added 2026/06/16 9:0 a.m.•7 views

EUVD-2026-37046

Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...

9.3CVSS5.8AI score0.00234EPSS

Exploits0References1

Cvelist•added 2026/06/16 9:0 a.m.•26 views

CVE-2026-39574 WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...

9.3CVSS0.00234EPSS

Exploits0References1

CVE•added 2026/06/16 9:0 a.m.•12 views

CVE-2026-39574

CVE-2026-39574 : Unauthenticated SQL injection in the WordPress InPost Gallery plugin, affected versions ≤ 2.1.4.6. Root cause and exact exploit details are not provided in the documents; CVSS v3.1 base score 9.3 (CRITICAL, NETWORK, no privileges required, user interaction: none). No remediation ...

9.3CVSS5.7AI score0.00234EPSS

Exploits0References1

Patchstack•added 2026/04/20 9:57 a.m.•5 views

WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hivesec in WordPress Plugin InPost Gallery versions = 2.1.4.6...

5.8AI score0.00234EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/02/15 7:10 a.m.•14 views

CVE-2026-0736

The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS5.7AI score0.00255EPSS

Exploits0References1

Positive Technologies•added 2026/02/14 12:0 a.m.•5 views

PT-2026-8066

The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' inpost head scriptsynth header script' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possib...

6.4CVSS5.7AI score0.00255EPSS

Exploits0References6

RedhatCVE•added 2026/01/13 10:53 p.m.•3 views

CVE-2025-11453

The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the inpostheadscript parameter in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.1AI score0.00235EPSS

Exploits0References1

NVD•added 2026/01/09 12:15 p.m.•6 views

CVE-2025-11453

6.4CVSS0.00235EPSS

Exploits0References4

Vulnrichment•added 2026/01/09 11:15 a.m.•11 views

CVE-2025-11453 Header and Footer Scripts <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS6AI score0.00235EPSS

Exploits0References4

Positive Technologies•added 2026/01/09 12:0 a.m.•5 views

PT-2026-1694

Name of the Vulnerable Software and Affected Versions Header and Footer Scripts plugin for WordPress versions up to and including 2.2.2 Description The Header and Footer Scripts plugin for WordPress is susceptible to Stored Cross-Site Scripting through the inpost head script parameter. Insufficie...

6.4CVSS5.1AI score0.00235EPSS

Exploits0References7

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-11121