CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/01/28 6:15 a.m.•3 views

CVE-2026-1083

The Appointment Hour Booking – Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form field configuration parameters in all versions up to, and including, 1.5.60 due to insufficient input sanitization and output escaping on the 'Min length/characters' and 'Max...

4.4CVSS0.00014EPSS

CVE•added 2026/01/28 5:30 a.m.•14 views

CVE-2026-1083

CVE-2026-1083: The Appointment Hour Booking – Booking Calendar WordPress plugin is vulnerable to Stored Cross-Site Scripting in all versions up to 1.5.60 due to insufficient input sanitization and output escaping on the Min length/characters and Max length/characters field configuration values. E...

EUVD•added 2026/01/28 5:30 a.m.•3 views

EUVD-2026-4866

Cvelist•added 2026/01/28 5:30 a.m.•32 views

CVE-2026-1083 Appointment Hour Booking – Booking Calendar <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration

4.4CVSS0.00014EPSS

ATTACKERKB•added 2026/01/28 5:30 a.m.•4 views

CVE-2026-1083

Positive Technologies•added 2026/01/28 12:0 a.m.•4 views

PT-2026-5082

4.4CVSS5.9AI score0.00011EPSS

Exploits0References6

Positive Technologies•added 2026/01/28 12:0 a.m.•5 views

PT-2026-5081

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00013EPSS

Exploits0References7

Positive Technologies•added 2026/01/28 12:0 a.m.•6 views

PT-2026-5098

The WP Google Ad Manager Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5.9AI score0.00039EPSS

Positive Technologies•added 2026/01/28 12:0 a.m.•4 views

PT-2026-5060

RedhatCVE•added 2026/01/25 9:16 a.m.•17 views

CVE-2026-1084

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.7AI score0.00015EPSS

Exploits0References1

RedhatCVE•added 2026/01/25 9:16 a.m.•8 views

CVE-2026-1300

The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple plugin settings parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.7AI score0.00055EPSS

Exploits0References1

RedhatCVE•added 2026/01/25 9:16 a.m.•10 views

CVE-2026-1302

The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions a...

4.4CVSS5.7AI score0.00046EPSS

Exploits1References1

NVD•added 2026/01/24 9:15 a.m.•5 views

CVE-2026-1302

4.4CVSS0.00046EPSS

Exploits1References6

CVE•added 2026/01/24 9:8 a.m.•13 views

CVE-2026-1300

CVE-2026-1300 refers to the WordPress plugin Responsive Header (versions

4.4CVSS5.7AI score0.00055EPSS