CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/01/29 3:18 p.m.•10 views

CVE-2026-1399

The WP Google Ad Manager Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

RedhatCVE•added 2026/01/29 9:24 a.m.•8 views

CVE-2026-1381

The Order Minimum/Maximum Amount Limits for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00251EPSS

RedhatCVE•added 2026/01/29 9:24 a.m.•13 views

CVE-2026-1053

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

RedhatCVE•added 2026/01/29 9:24 a.m.•9 views

CVE-2026-1083

The Appointment Hour Booking – Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form field configuration parameters in all versions up to, and including, 1.5.60 due to insufficient input sanitization and output escaping on the 'Min length/characters' and 'Max...

4.4CVSS5.9AI score0.00262EPSS

NVD•added 2026/01/28 12:15 p.m.•6 views

CVE-2026-1399

4.4CVSS0.0019EPSS

CVE•added 2026/01/28 11:23 a.m.•15 views

CVE-2026-1399

CVE-2026-1399 : WP Google Ad Manager Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.1.0. The root cause is insufficient input sanitization and output escaping, enabling authenticated attackers with administrator-level permissions to in...

Cvelist•added 2026/01/28 11:23 a.m.•29 views

CVE-2026-1399 WP Google Ad Manager Plugin <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings

4.4CVSS0.0019EPSS

EUVD•added 2026/01/28 11:23 a.m.•4 views

EUVD-2026-4893

Vulnrichment•added 2026/01/28 11:23 a.m.•5 views

CVE-2026-1399 WP Google Ad Manager Plugin <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings

ATTACKERKB•added 2026/01/28 11:23 a.m.•5 views

CVE-2026-1399

NVD•added 2026/01/28 9:15 a.m.•5 views

Exploits0References4

CVE-2026-1381

4.4CVSS0.00251EPSS

NVD•added 2026/01/28 9:15 a.m.•9 views

CVE-2026-1053

4.4CVSS0.00261EPSS

Cvelist•added 2026/01/28 8:26 a.m.•33 views

CVE-2026-1053 Ivory Search <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters

4.4CVSS0.00261EPSS

Vulnrichment•added 2026/01/28 8:26 a.m.•4 views

CVE-2026-1053 Ivory Search <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters

ATTACKERKB•added 2026/01/28 8:26 a.m.•4 views

CVE-2026-1053

CVE•added 2026/01/28 8:26 a.m.•16 views

Exploits0References7

CVE-2026-1053

CVE-2026-1053: Ivory Search – WordPress Search Plugin (WordPress) is vulnerable to stored XSS up to version 5.5.13 due to insufficient input sanitization and output escaping. Exploitation requires authenticated attacker with administrator-level privileges (or higher). Impact is injection of arbit...

CVE•added 2026/01/28 8:26 a.m.•12 views

CVE-2026-1381

CVE-2026-1381 affects the WordPress plugin “Order Minimum/Maximum Amount Limits for WooCommerce” up to and including version 4.6.8. The issue is a stored XSS in plugin settings that authenticated attackers with Shop Manager-level permissions and above can exploit to inject scripts on pages, with ...

4.4CVSS5.9AI score0.00251EPSS

Cvelist•added 2026/01/28 8:26 a.m.•30 views

CVE-2026-1381 Order Minimum/Maximum Amount Limits for WooCommerce <= 4.6.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Hide Add to Cart Content Fields

4.4CVSS0.00251EPSS

Vulnrichment•added 2026/01/28 8:26 a.m.•3 views

CVE-2026-1381 Order Minimum/Maximum Amount Limits for WooCommerce <= 4.6.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Hide Add to Cart Content Fields

4.4CVSS5.9AI score0.00251EPSS