CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

223 matches found

CVE•added 4 days ago•11 views

CVE-2026-12430

The CVE-2026-12430 entry concerns the Blocksy Companion WordPress plugin (

4.4CVSS5.9AI score

Exploits0References8

CVE•added 5 days ago•22 views

CVE-2026-11358

The CVE concerns the Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress (versions up to 3.0.6). The vulnerability is a Stored Cross-Site Scripting flaw arising from insufficient input sanitization and output escaping in admin settings. It a...

4.4CVSS5.5AI score0.00203EPSS

Exploits0References6

NVD•added 2026/06/09 6:16 a.m.•10 views

CVE-2026-8981

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...

3.5CVSS0.00142EPSS

Exploits0References1

Vulnrichment•added 2026/06/09 6:0 a.m.•7 views

CVE-2026-8981 Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML

5.7AI score0.00142EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:42 p.m.•5 views

CVE-2025-5085

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS5.6AI score0.00207EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:37 p.m.•7 views

CVE-2026-3551

The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on multiple settings fields including 'User Mail...

4.4CVSS5.7AI score0.00361EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:31 p.m.•8 views

CVE-2026-6800

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS5.6AI score0.00195EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:29 p.m.•5 views

CVE-2026-2288

The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linktitle' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access...

4.8CVSS5.6AI score0.0023EPSS

Exploits0References1

ATTACKERKB•added 2026/06/02 7:48 a.m.•6 views

CVE-2025-5085

5.5CVSS6AI score0.00207EPSS

Exploits0References5

EUVD•added 2026/06/02 7:48 a.m.•10 views

EUVD-2025-210029

5.5CVSS6AI score0.00207EPSS

Exploits0References4

Positive Technologies•added 2026/06/02 12:0 a.m.•9 views

PT-2026-45698

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS6AI score0.00207EPSS

Exploits0References6

EUVD•added 2026/05/27 9:27 a.m.•9 views

EUVD-2026-32174

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS6AI score0.00237EPSS

Exploits0References3

CVE•added 2026/05/27 9:27 a.m.•19 views

CVE-2026-3348

Summary: CVE-2026-3348 affects the MinhNhut Link Gateway WordPress plugin up to version 3.6.1. The issue is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping in plugin settings (Description, Title, and other fields). Exploitation requires authenticat...

4.4CVSS6AI score0.00237EPSS

Exploits0References3

ATTACKERKB•added 2026/05/27 9:27 a.m.•11 views

CVE-2026-3348

4.4CVSS6AI score0.00237EPSS

Exploits0References4

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-43633

The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS6AI score0.0023EPSS

Exploits0References6

ATTACKERKB•added 2026/05/13 4:26 a.m.•7 views

CVE-2025-9989

The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS6AI score0.0019EPSS

Exploits0References3

ATTACKERKB•added 2026/05/12 9:29 a.m.•3 views

CVE-2026-6813

The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS6AI score0.00195EPSS

Exploits0References6

ATTACKERKB•added 2026/05/12 9:29 a.m.•4 views

CVE-2026-6800

4.4CVSS6AI score0.00195EPSS

Exploits0References6

Positive Technologies•added 2026/05/12 12:0 a.m.•11 views

PT-2026-40002

4.4CVSS6AI score0.00195EPSS

Exploits0References6

NVD•added 2026/05/02 6:16 a.m.•4 views

CVE-2026-6447

The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00252EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by