CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/27 5:31 a.m.•9 views

CVE-2026-8845 Islamic Database <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS6AI score0.00187EPSS

EUVD•added 2026/05/27 5:31 a.m.•7 views

EUVD-2026-32081

6.4CVSS6AI score0.00187EPSS

ATTACKERKB•added 2026/05/27 5:31 a.m.•6 views

CVE-2026-8845

6AI score0.00187EPSS

Exploits0References4

Cvelist•added 2026/05/27 5:31 a.m.•30 views

CVE-2026-8845 Islamic Database <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00187EPSS

CNNVD•added 2026/05/27 12:0 a.m.•9 views

WordPress plugin Islamic Database 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00187EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•10 views

PT-2026-43511

6.4CVSS6AI score0.00187EPSS

Exploits0References5

Patchstack•added 2026/05/26 5:22 p.m.•9 views

WordPress Islamic Database plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Islamic Database versions = 1.0...

6.4CVSS5.8AI score0.00187EPSS

Exploits0References1Affected Software1

Wired Threat Level•added 2026/03/31 9:25 p.m.•3 views

Iran Threatens to Start Attacking Major US Tech Firms on April 1

Tech giants like Apple, Google, and Microsoft are among those on a target list released by Iran’s Islamic Revolutionary Guard Corps...

5.9AI score

RedhatCVE•added 2025/11/22 8:35 a.m.•9 views

CVE-2025-11768

The Islamic Phrases plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'phrases' shortcode attribute in all versions up to, and including, 2.12.2015. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5AI score0.00162EPSS

Exploits0References1

Patchstack•added 2025/11/21 10:22 p.m.•5 views

WordPress Islamic Phrases plugin <= 2.12.2015 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Islamic Phrases versions = 2.12.2015...

6.4CVSS5.7AI score0.00162EPSS

Exploits0References1Affected Software1

NVD•added 2025/11/21 8:15 a.m.•2 views

CVE-2025-11768

6.4CVSS0.00162EPSS

Vulnrichment•added 2025/11/21 7:31 a.m.•2 views

CVE-2025-11768 Islamic Phrases <= 2.12.2015 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00162EPSS

CVE•added 2025/11/21 7:31 a.m.•19 views

CVE-2025-11768

CVE-2025-11768 affects the WordPress Islamic Phrases plugin. It is an authenticated Stored Cross-Site Scripting vulnerability via the phrases shortcode attribute in all versions up to and including 2.12.2015. Exploitation requires contributor-level access or higher, and injected scripts run in pa...

6.4CVSS4.7AI score0.00162EPSS

Cvelist•added 2025/11/21 7:31 a.m.•7 views

CVE-2025-11768 Islamic Phrases <= 2.12.2015 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00162EPSS

CNNVD•added 2025/11/21 12:0 a.m.•2 views

WordPress plugin Islamic Phrases 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A cross-site...

6.4CVSS5.9AI score0.00162EPSS

The Hacker News•added 2025/11/20 7:35 a.m.•10 views

Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic targeting. The development is a sign that the lines between state-sponsored cyber attacks and kinetic warfare ar...

6.6AI score

The Hacker News•added 2025/11/05 11:20 a.m.•4 views

Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions

A never-before-seen threat activity cluster codenamed UNKSmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel. "UNKSmudgedSerpent...

6.8AI score

Information Security Automation•added 2025/08/18 6:28 p.m.•7 views

Statistics on 2024 trending vulnerabilities were featured in the OIC-CERT annual report

Statistics on2024 trending vulnerabilitieswere featured in the OIC-CERT annual report. The Organisation of Islamic Cooperation OIC is the largest and most influential official intergovernmental Muslim international organization. It currently unites 57 countries with a population of about 2 billio...

7.1AI score