CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/02/18 7:25 a.m.•28 views

CVE-2026-1943 YayMail <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements

4.4CVSS0.00264EPSS

NVD•added 2026/02/18 7:16 a.m.•6 views

CVE-2026-2281

The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label text' setting in all versions up to, and including, 0.0.4. This is due to insufficient input sanitization and output escaping on the plugin's label text option. This makes it possible for...

4.4CVSS0.00244EPSS

CVE•added 2026/02/18 6:42 a.m.•11 views

CVE-2026-2281

CVE-2026-2281 affects the WordPress plugin Private Comment . It is a Stored Cross-Site Scripting (XSS) via the “Label text” setting, in all versions up to 0.0.4. Attack requires authenticated Administrator+ access and applies on multisite installations or where unfiltered_html is disabled. The vu...

Cvelist•added 2026/02/18 6:42 a.m.•29 views

CVE-2026-2281 Private Comment <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting

4.4CVSS0.00244EPSS

Vulnrichment•added 2026/02/18 6:42 a.m.•3 views

CVE-2026-2281 Private Comment <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting

ATTACKERKB•added 2026/02/18 6:42 a.m.•4 views

CVE-2026-2281

NVD•added 2026/02/18 5:16 a.m.•6 views

CVE-2025-12037

The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00192EPSS

CVE•added 2026/02/18 4:35 a.m.•8 views

CVE-2025-12037

CVE-2025-12037 affects the WP 404 Auto Redirect to Similar Post plugin for WordPress. The issue is Stored Cross-Site Scripting via admin settings in all versions up to 1.0.5, exploitable by authenticated attackers with administrator permissions. Impact is injection of scripts that run for users v...

Cvelist•added 2026/02/18 4:35 a.m.•24 views

CVE-2025-12037 WP 404 Auto Redirect <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS0.00192EPSS

Vulnrichment•added 2026/02/18 4:35 a.m.•4 views

CVE-2025-12037 WP 404 Auto Redirect <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting

ATTACKERKB•added 2026/02/18 4:35 a.m.•4 views

CVE-2025-12037

Positive Technologies•added 2026/02/18 12:0 a.m.•5 views

Exploits0References3

PT-2026-20376

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

4.4CVSS5.7AI score0.00274EPSS

Exploits0References7

Positive Technologies•added 2026/02/18 12:0 a.m.•5 views

PT-2026-20304

Positive Technologies•added 2026/02/18 12:0 a.m.•3 views

PT-2026-20295

4.4CVSS5.7AI score0.00264EPSS

Exploits0References6

Positive Technologies•added 2026/02/18 12:0 a.m.•7 views

PT-2026-20217

Name of the Vulnerable Software and Affected Versions WP 404 Auto Redirect to Similar Post plugin for WordPress versions prior to 1.0.6 Description The WP 404 Auto Redirect to Similar Post plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient inpu...

RedhatCVE•added 2026/02/15 7:10 a.m.•14 views

CVE-2025-15483

The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hopname’ parameter in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, ...

4.4CVSS5.7AI score0.00206EPSS

Exploits0References1

RedhatCVE•added 2026/02/15 7:10 a.m.•8 views

CVE-2026-2027

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

4.4CVSS5.7AI score0.00202EPSS

Exploits0References1

RedhatCVE•added 2026/02/15 7:10 a.m.•10 views

CVE-2026-0693

The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all versions up to, and including, 1.2.4. This is due to the plugin unconditionally removing the wpksesdata output filter for termdescription, linkdescription,...

4.4CVSS5.7AI score0.00237EPSS

Exploits0References1

NVD•added 2026/02/14 7:16 a.m.•8 views

CVE-2025-15483

4.4CVSS0.00206EPSS