CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

3476 matches found

CVE•added 2026/03/26 6:0 a.m.•11 views

CVE-2026-1430

The WP Lightbox 2 WordPress plugin is affected in versions prior to 3.0.7. Root cause: insufficient sanitisation/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Impact: stored XSS could compromise ...

4.8CVSS5.8AI score0.00189EPSS

Exploits0References1

Positive Technologies•added 2026/03/26 12:0 a.m.•7 views

PT-2026-28214

Name of the Vulnerable Software and Affected Versions WP Lightbox 2 WordPress plugin versions prior to 3.0.7 Description The WP Lightbox 2 WordPress plugin does not properly sanitise and escape certain settings. This could allow users with high privileges, such as administrators, to carry out...

4.8CVSS5.9AI score0.00189EPSS

Exploits0References4

EUVD•added 2026/03/21 6:30 a.m.•4 views

EUVD-2026-14156

The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00189EPSS

Exploits0References4

EUVD•added 2026/03/21 6:30 a.m.•3 views

EUVD-2026-14164

The Comment SPAM Wiper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' setting in all versions up to, and including, 1.2.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00189EPSS

Exploits0References4

EUVD•added 2026/03/21 6:30 a.m.•2 views

EUVD-2026-14160

The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS5.9AI score0.00256EPSS

Exploits0References14

EUVD•added 2026/03/21 6:30 a.m.•3 views

EUVD-2026-14154

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS5.9AI score0.00154EPSS

Exploits0References3

EUVD•added 2026/03/21 6:30 a.m.•2 views

EUVD-2026-13986

The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above,...

4.4CVSS5.9AI score0.00245EPSS

Exploits0References6

EUVD•added 2026/03/21 6:30 a.m.•3 views

EUVD-2026-14155

The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS5.9AI score0.00195EPSS

Exploits0References6

NVD•added 2026/03/21 4:17 a.m.•5 views

CVE-2026-4161

The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS0.00256EPSS

Exploits0References13

NVD•added 2026/03/21 4:17 a.m.•4 views

CVE-2026-3354

The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00189EPSS

Exploits0References3

NVD•added 2026/03/21 4:17 a.m.•4 views

CVE-2026-3353

The Comment SPAM Wiper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' setting in all versions up to, and including, 1.2.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00189EPSS

Exploits0References3

NVD•added 2026/03/21 4:17 a.m.•5 views

CVE-2026-2837

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS0.00154EPSS

Exploits0References2

NVD•added 2026/03/21 4:16 a.m.•3 views

CVE-2026-2121

The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addclass' parameter in all versions up to, and including, 1.8.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

4.4CVSS0.00203EPSS

Exploits0References6

NVD•added 2026/03/21 4:16 a.m.•3 views

CVE-2026-1278

The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS0.00195EPSS

Exploits0References5

NVD•added 2026/03/21 4:16 a.m.•3 views

CVE-2026-1247

The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above,...

4.4CVSS0.00245EPSS

Exploits0References5

Vulnrichment•added 2026/03/21 3:27 a.m.•2 views

CVE-2026-1278 Mandatory Field <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields

The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS5.9AI score0.00195EPSS

Exploits0References5

Cvelist•added 2026/03/21 3:27 a.m.•30 views

CVE-2026-1278 Mandatory Field <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields

The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS0.00195EPSS

Exploits0References5

ATTACKERKB•added 2026/03/21 3:27 a.m.•1 views

CVE-2026-1278

The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS5.9AI score0.00195EPSS

Exploits0References6

CVE•added 2026/03/21 3:27 a.m.•8 views

CVE-2026-1278

The CVE-2026-1278 entry concerns the Mandatory Field plugin for WordPress. A stored cross-site scripting vulnerability exists in admin settings for all versions up to and including 1.6.8, caused by insufficient input sanitization and output escaping. Authenticated attackers with administrator-lev...

4.4CVSS5.9AI score0.00195EPSS

Exploits0References5

Vulnrichment•added 2026/03/21 3:27 a.m.•5 views

CVE-2026-2121 Weaver Show Posts <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting

The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addclass' parameter in all versions up to, and including, 1.8.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

4.4CVSS6AI score0.00203EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by