CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/02/19 9:26 a.m.•2 views

CVE-2026-2716 Client Testimonial Slider <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting

The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.7AI score0.00039EPSS

ATTACKERKB•added 2026/02/19 9:26 a.m.•3 views

CVE-2026-2716

4.4CVSS5.7AI score0.00039EPSS

Exploits0References4

RedhatCVE•added 2026/02/19 7:28 a.m.•4 views

CVE-2026-1943

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop...

4.4CVSS5.7AI score0.0001EPSS

Exploits0References1

RedhatCVE•added 2026/02/19 7:28 a.m.•2 views

CVE-2025-12037

The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.7AI score0.0001EPSS

Exploits0References1

RedhatCVE•added 2026/02/19 7:28 a.m.•4 views

CVE-2026-2281

The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label text' setting in all versions up to, and including, 0.0.4. This is due to insufficient input sanitization and output escaping on the plugin's label text option. This makes it possible for...

4.4CVSS5.7AI score0.00013EPSS

Exploits0References1

NVD•added 2026/02/19 7:17 a.m.•3 views

CVE-2026-2282

The Slidorion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS0.00032EPSS

NVD•added 2026/02/19 7:17 a.m.•3 views

CVE-2026-1044

The Tennis Court Bookings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00011EPSS

Vulnrichment•added 2026/02/19 4:36 a.m.•3 views

CVE-2026-1055 TalkJS <= 0.1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter

The TalkJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS5.6AI score0.00038EPSS

CVE•added 2026/02/19 4:36 a.m.•8 views

CVE-2026-1055

CVE-2026-1055 relates to the TalkJS WordPress plugin and is a stored XSS vulnerability in admin settings (notably the welcomeMessage parameter) present in versions up to 0.1.15. Exploitation requires administrator-level access and affects multi-site installs or sites with unfiltered_html disabled...

4.4CVSS5.7AI score0.00038EPSS

Cvelist•added 2026/02/19 4:36 a.m.•25 views

CVE-2026-1055 TalkJS <= 0.1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter

4.4CVSS0.00038EPSS

CVE•added 2026/02/19 4:36 a.m.•13 views

CVE-2026-1044

CVE-2026-1044 concerns the WordPress plugin Tennis Court Bookings (

Vulnrichment•added 2026/02/19 4:36 a.m.•2 views

CVE-2026-2282 Slidorion <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Slidorion Settings

4.4CVSS5.7AI score0.00032EPSS

Positive Technologies•added 2026/02/19 12:0 a.m.•5 views

PT-2026-20633

Positive Technologies•added 2026/02/19 12:0 a.m.•3 views

PT-2026-20639

Name of the Vulnerable Software and Affected Versions Slidorion versions up to and including 1.0.2 Description The Slidorion plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticated attackers...

4.4CVSS5.3AI score0.00032EPSS

Exploits0References5

NVD•added 2026/02/18 10:16 a.m.•3 views

CVE-2025-13727

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

4.4CVSS0.00011EPSS

ATTACKERKB•added 2026/02/18 9:25 a.m.•3 views

CVE-2025-13727

CVE•added 2026/02/18 9:25 a.m.•12 views

Exploits0References7

CVE-2025-13727

CVE-2025-13727 affects Video Share VOD – Turnkey Video Site Builder Script (WordPress) up to version 2.7.11. It is a Stored XSS via plugin settings exploitable by authenticated editors or higher, with impact on multi-site installs and when unfiltered_html is disabled. Wordfence and related source...

Cvelist•added 2026/02/18 9:25 a.m.•30 views

CVE-2025-13727 Video Share VOD <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values

4.4CVSS0.00011EPSS