CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

913 matches found

Positive Technologies•added 2026/04/20 12:0 a.m.•3 views

PT-2026-33717

The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed for example in multisite setup...

5.7AI score0.00213EPSS

Exploits0References2

Vulnrichment•added 2026/03/12 6:0 a.m.•5 views

CVE-2026-2687 Reading progressbar < 1.3.1 - Admin+ Stored XSS

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.8AI score0.00138EPSS

Exploits0References1

CVE•added 2026/03/12 6:0 a.m.•9 views

CVE-2026-2687

CVE-2026-2687 affects the WordPress plugin Reading progressbar prior to 1.3.1. The vulnerability arises because the plugin does not sanitize and escape certain settings, which could allow stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisi...

4.3CVSS5.8AI score0.00138EPSS

Exploits0References1

RedhatCVE•added 2026/01/13 10:54 p.m.•4 views

CVE-2025-14579

The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.3AI score0.00185EPSS

Exploits0References1

NVD•added 2026/01/12 6:16 a.m.•4 views

CVE-2025-14579

4.8CVSS0.00185EPSS

Exploits0References1

Cvelist•added 2026/01/12 6:0 a.m.•24 views

CVE-2025-14579 Quiz Maker < 6.7.0.89 - Admin+ Stored XSS

0.00185EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:32 p.m.•4 views

CVE-2023-4253

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.3AI score0.00416EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 12:31 p.m.•3 views

CVE-2023-4388

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.3AI score0.00402EPSS

Exploits2References1

RedhatCVE•added 2026/01/07 9:55 a.m.•13 views

CVE-2025-1623

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.6AI score0.00247EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:54 a.m.•24 views

CVE-2025-1062

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example i...

3.5CVSS5.9AI score0.00229EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:54 a.m.•20 views

CVE-2025-1523

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.7AI score0.00219EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:19 a.m.•10 views

CVE-2024-2310

The WP Google Review Slider WordPress plugin before 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00308EPSS

Exploits2References1

RedhatCVE•added 2026/01/07 9:19 a.m.•4 views

CVE-2024-2220

The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.2AI score0.0033EPSS

Exploits2References1

RedhatCVE•added 2026/01/07 9:19 a.m.•7 views

CVE-2024-2907

The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.8CVSS5.6AI score0.00548EPSS

Exploits2References1