CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

909 matches found

Positive Technologies•added 2026/04/20 12:0 a.m.•0 views

PT-2026-33717

The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed for example in multisite setup...

5.7AI score0.00031EPSS

Exploits0References2

Vulnrichment•added 2026/03/12 6:0 a.m.•1 views

CVE-2026-2687 Reading progressbar < 1.3.1 - Admin+ Stored XSS

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.8AI score0.00042EPSS

Exploits0References1

CVE•added 2026/03/12 6:0 a.m.•4 views

CVE-2026-2687

The CVE concerns the Reading progressbar WordPress plugin (pre-1.3.1) where settings are not properly sanitized/escaped, enabling Stored XSS by privileged users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite installations. Affected version: plugin prior to 1.3.1. The...

4.3CVSS5.8AI score0.00042EPSS

Exploits0References1

RedhatCVE•added 2026/01/13 10:54 p.m.•1 views

CVE-2025-14579

The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.3AI score0.00014EPSS

Exploits0References1

NVD•added 2026/01/12 6:16 a.m.•0 views

CVE-2025-14579

4.8CVSS0.00014EPSS

Exploits0References1

Cvelist•added 2026/01/12 6:0 a.m.•21 views

CVE-2025-14579 Quiz Maker < 6.7.0.89 - Admin+ Stored XSS

0.00014EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:32 p.m.•1 views

CVE-2023-4253

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.3AI score0.00122EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 12:31 p.m.•1 views

CVE-2023-4388

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.3AI score0.00089EPSS

Exploits2References1

RedhatCVE•added 2026/01/07 9:55 a.m.•10 views

CVE-2025-1623

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.6AI score0.00085EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:54 a.m.•7 views

CVE-2025-1062

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example i...

3.5CVSS5.9AI score0.00075EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:54 a.m.•4 views

CVE-2025-1523

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.7AI score0.00116EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:19 a.m.•6 views

CVE-2024-2310

The WP Google Review Slider WordPress plugin before 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00139EPSS

Exploits2References1

RedhatCVE•added 2026/01/07 9:19 a.m.•1 views

CVE-2024-2220

The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.2AI score0.00276EPSS

Exploits2References1

RedhatCVE•added 2026/01/07 9:19 a.m.•4 views

CVE-2024-2907

The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.8CVSS5.6AI score0.00401EPSS

Exploits2References1