CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/04/22 7:45 a.m.•8 views

CVE-2026-1845

CVE-2026-1845 concerns the WordPress plugin Real Estate Pro (

5.5CVSS5.8AI score0.0001EPSS

Cvelist•added 2026/04/22 7:45 a.m.•29 views

CVE-2026-1845 Real Estate Pro <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings

The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

5.5CVSS0.0001EPSS

ATTACKERKB•added 2026/04/22 7:45 a.m.•2 views

CVE-2026-1845

5.5CVSS5.8AI score0.0001EPSS

Vulnrichment•added 2026/04/22 7:45 a.m.•3 views

CVE-2026-1845 Real Estate Pro <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings

5.5CVSS5.8AI score0.0001EPSS

Cvelist•added 2026/04/22 7:45 a.m.•22 views

CVE-2026-1379 HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Headers' Plugin Setting

The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS0.00009EPSS

ATTACKERKB•added 2026/04/22 7:45 a.m.•2 views

CVE-2026-1379

4.4CVSS5.8AI score0.00009EPSS

Exploits0References4

Vulnrichment•added 2026/04/22 7:45 a.m.•1 views

CVE-2026-1379 HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Headers' Plugin Setting

4.4CVSS5.8AI score0.00009EPSS

CVE•added 2026/04/22 7:45 a.m.•3 views

CVE-2026-1379

The CVE-2026-1379 entry concerns the WordPress HTTP Headers plugin. It describes a Stored Cross-Site Scripting vulnerability in admin settings for all versions up to and including 1.19.2, caused by insufficient input sanitization and output escaping. Exploitation requires an authenticated attacke...

4.4CVSS5.8AI score0.00009EPSS

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

PT-2026-34273

Name of the Vulnerable Software and Affected Versions Private WP suite versions prior to 0.4.2 Description The Private WP suite plugin for WordPress contains a Stored Cross-Site Scripting issue within the 'Exceptions' setting. This occurs because of insufficient input sanitization and output...

4.4CVSS5.9AI score0.00011EPSS

Exploits0References6

Positive Technologies•added 2026/04/22 12:0 a.m.•2 views

PT-2026-34271

The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00011EPSS

Exploits0References5

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

PT-2026-34277

Name of the Vulnerable Software and Affected Versions Short Comment Filter versions prior to 2.3 Description The Short Comment Filter plugin for WordPress contains a Stored Cross-Site Scripting issue. The problem exists because the 'Minimum Count' settings field lacks proper input sanitization an...

4.4CVSS5.9AI score0.00026EPSS

Exploits0References12

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

PT-2026-34269

Name of the Vulnerable Software and Affected Versions Real Estate Pro versions prior to 1.1.0 Description The Real Estate Pro plugin for WordPress contains a Stored Cross-Site Scripting issue within the admin settings. This occurs because of insufficient input sanitization and output escaping,...

5.5CVSS5.9AI score0.0001EPSS

Exploits0References5

Positive Technologies•added 2026/04/22 12:0 a.m.•2 views

PT-2026-34268

Name of the Vulnerable Software and Affected Versions HTTP Headers plugin for WordPress versions prior to 1.19.3 Description Insufficient input sanitization and output escaping in admin settings allow authenticated attackers with administrator-level permissions and above to perform Stored...

4.4CVSS6AI score0.00009EPSS

Exploits0References6

NVD•added 2026/04/21 7:16 a.m.•0 views

CVE-2026-6712

The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS0.00031EPSS

EUVD•added 2026/04/21 6:43 a.m.•3 views

EUVD-2026-24072

Cvelist•added 2026/04/21 6:43 a.m.•25 views

CVE-2026-6712 Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS0.00031EPSS

ATTACKERKB•added 2026/04/21 6:43 a.m.•1 views

CVE-2026-6712

CVE•added 2026/04/21 6:43 a.m.•9 views

CVE-2026-6712

CVE-2026-6712 describes a Stored Cross-Site Scripting vulnerability in the Website LLMs.txt WordPress plugin. The flaw affects versions up to 8.2.6 and arises from insufficient input sanitization and output escaping in admin settings, enabling authenticated attackers with administrator-level (or ...

Vulnrichment•added 2026/04/21 6:43 a.m.•1 views

CVE-2026-6712 Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting