CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

730 matches found

Positive Technologies•added 2026/03/21 12:0 a.m.•1 views

PT-2026-26829

The rexCrawler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' and 'regex' parameters in the search-pattern tester page in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS5.9AI score0.00126EPSS

Exploits0References6

RedhatCVE•added 2026/02/20 7:22 a.m.•4 views

CVE-2026-2282

The Slidorion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS5.7AI score0.00032EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:25 a.m.•8 views

CVE-2023-4021

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.7AI score0.00171EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:12 a.m.•4 views

CVE-2022-0232

The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loadertext parameter found in the /includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary we...

4.8CVSS5.9AI score0.00432EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:12 a.m.•5 views

CVE-2022-0210

The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and...

4.8CVSS5.9AI score0.0059EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:14 a.m.•4 views

CVE-2024-2968

The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS5.8AI score0.00158EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:12 a.m.•3 views

CVE-2024-2846

The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00442EPSS

Exploits0References1