CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

Cvelist•added 2026/04/15 6:46 a.m.•27 views

CVE-2026-6293 Inquiry form to posts or pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in version 1.0. This is due to missing nonce validation on the plugin settings update handler, combined with insufficient input sanitization on all...

4.3CVSS0.0001EPSS

Exploits0References9

CNNVD•added 2026/04/15 12:0 a.m.•2 views

WordPress plugin Inquiry Form to Posts or Pages 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Version...

4.3CVSS5.6AI score0.0001EPSS

Exploits0References2

Patchstack•added 2026/04/15 12:0 a.m.•1 views

WordPress Inquiry form to posts or pages plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inqheader' Parameter vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Inquiry form to posts or pages versions = 1.0...

4.3CVSS5.8AI score0.0001EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/04/13 7:24 p.m.•0 views

CVE-2026-5169

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input sanitization when saving via updateoption and lack of output escaping when displaying the stored...

4.4CVSS5.9AI score0.00014EPSS

Exploits0References1

EUVD•added 2026/04/08 9:31 a.m.•2 views

EUVD-2026-20119

4.4CVSS6.1AI score0.00014EPSS

Exploits0References8

Vulnrichment•added 2026/04/08 6:43 a.m.•0 views

CVE-2026-5169 Inquiry form to posts or pages <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field

4.4CVSS5.9AI score0.00014EPSS

Exploits0References7

CVE•added 2026/04/08 6:43 a.m.•4 views

CVE-2026-5169

CVE-2026-5169 concerns the WordPress plugin “Inquiry Form to Posts or Pages” (versions

4.4CVSS6.1AI score0.00014EPSS

Exploits0References7

Cvelist•added 2026/04/08 6:43 a.m.•17 views

CVE-2026-5169 Inquiry form to posts or pages <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field

4.4CVSS0.00014EPSS

Exploits0References7

CNNVD•added 2026/04/08 12:0 a.m.•2 views

WordPress plugin Inquiry Form to Posts or Pages 跨站脚本漏洞

4.4CVSS5.6AI score0.00014EPSS

Exploits0References8

Patchstack•added 2026/04/07 11:22 p.m.•1 views

WordPress Inquiry form to posts or pages plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Form Header Field vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Inquiry form to posts or pages versions = 1.0...

4.4CVSS5.9AI score0.00014EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-31272

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00446EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 2:26 a.m.•3 views

CVE-2023-27510

JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry...

7.5CVSS6.8AI score0.00446EPSS

Exploits0References1

NVD•added 2023/05/10 6:15 a.m.•9 views

CVE-2023-27510

7.5CVSS7.4AI score0.00446EPSS

Exploits0References2

OSV•added 2023/05/10 6:15 a.m.•1 views

CVE-2023-27510

7.5CVSS5.8AI score0.00446EPSS

Exploits0References2

Prion•added 2023/05/10 6:15 a.m.•9 views

Design/Logic Flaw

5CVSS7.3AI score0.00446EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2023/05/10 12:0 a.m.•7 views

CVE-2023-27510

7.4AI score0.00446EPSS

Exploits0References2

Cvelist•added 2023/05/10 12:0 a.m.•19 views

CVE-2023-27510

7.6AI score0.00446EPSS

Exploits0References2

CVE•added 2023/05/10 12:0 a.m.•43 views

CVE-2023-27510

CVE-2023-27510 affects JB Inquiry form (Jubei Inc.). The vulnerability is an exposure of private personal information to an unauthorized actor, allowing a remote unauthenticated attacker to obtain information entered in forms. Affected versions are JB Inquiry form 0.6.1, 0.6.0, 0.5.2, 0.5.1, 0.5....

7.5CVSS7.3AI score0.00446EPSS

Exploits0References2Affected Software1

Japan Vulnerability Notes•added 2023/04/14 6:48 a.m.•4 views

JB Inquiry form vulnerable to exposure of private personal information to an unauthorized actor

Overview JB Inquiry form provided by Jubei Inc. contains an exposure of private personal information to an unauthorized actor vulnerability CWE-359. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

7.5CVSS6.6AI score0.00446EPSS

Exploits0References5

NVD•added 2020/09/18 5:15 p.m.•9 views

CVE-2020-15188

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution RCE. The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed...

10CVSS0.04693EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by