CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/03/07 12:0 a.m.•9 views

PT-2026-23818

The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.8CVSS5.9AI score0.00195EPSS

Exploits0References9

Positive Technologies•added 2026/03/07 12:0 a.m.•8 views

PT-2026-23819

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS5.9AI score0.00187EPSS

RedhatCVE•added 2026/03/05 1:57 a.m.•6 views

CVE-2026-2289

The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

RedhatCVE•added 2026/03/05 1:57 a.m.•6 views

Exploits0References1

CVE-2026-2292

The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

EUVD•added 2026/03/04 3:31 a.m.•6 views

Exploits0References1

EUVD-2026-9353

EUVD•added 2026/03/04 3:31 a.m.•5 views

Exploits0References7

EUVD-2026-9354

NVD•added 2026/03/04 2:15 a.m.•7 views

CVE-2026-2289

4.4CVSS0.00254EPSS

Exploits0References6

NVD•added 2026/03/04 2:15 a.m.•7 views

CVE-2026-2292

4.4CVSS0.00249EPSS

Cvelist•added 2026/03/04 1:21 a.m.•30 views

CVE-2026-2292 Morkva UA Shipping <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field

4.4CVSS0.00249EPSS

Vulnrichment•added 2026/03/04 1:21 a.m.•3 views

CVE-2026-2292 Morkva UA Shipping <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field

ATTACKERKB•added 2026/03/04 1:21 a.m.•1 views

CVE-2026-2292

Vulnrichment•added 2026/03/04 1:21 a.m.•4 views

CVE-2026-2289 Taskbuilder <= 5.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field

CVE•added 2026/03/04 1:21 a.m.•11 views

Exploits0References6

CVE-2026-2289

CVE-2026-2289 (Taskbuilder WordPress plugin) is a stored cross-site scripting vulnerability in Taskbuilder versions up to 5.0.3. The issue arises from insufficient input sanitization and output escaping in admin settings, allowing an authenticated attacker with administrator-level permissions to ...

Positive Technologies•added 2026/03/04 12:0 a.m.•6 views

Exploits0References6

PT-2026-22860

Name of the Vulnerable Software and Affected Versions Taskbuilder plugin for WordPress versions up to and including 5.0.3 Description The Taskbuilder plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. This is due to inadequate input sanitization and output...

Positive Technologies•added 2026/03/04 12:0 a.m.•8 views

Exploits0References12

PT-2026-22861

RedhatCVE•added 2026/03/02 1:50 a.m.•6 views

CVE-2026-28561

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

5.5CVSS5.8AI score0.00227EPSS

Exploits0References1

EUVD•added 2026/03/01 12:30 a.m.•6 views

EUVD-2026-9110

5.5CVSS5.8AI score0.00227EPSS