CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/01/28 6:15 a.m.•8 views

CVE-2026-1083

The Appointment Hour Booking – Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form field configuration parameters in all versions up to, and including, 1.5.60 due to insufficient input sanitization and output escaping on the 'Min length/characters' and 'Max...

4.4CVSS0.00262EPSS

EUVD•added 2026/01/28 5:30 a.m.•3 views

EUVD-2026-4866

Cvelist•added 2026/01/28 5:30 a.m.•33 views

CVE-2026-1083 Appointment Hour Booking – Booking Calendar <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration

4.4CVSS0.00262EPSS

CVE•added 2026/01/28 5:30 a.m.•15 views

CVE-2026-1083

CVE-2026-1083: The Appointment Hour Booking – Booking Calendar WordPress plugin is vulnerable to Stored Cross-Site Scripting in all versions up to 1.5.60 due to insufficient input sanitization and output escaping on the Min length/characters and Max length/characters field configuration values. E...

ATTACKERKB•added 2026/01/28 5:30 a.m.•5 views

CVE-2026-1083

Positive Technologies•added 2026/01/28 12:0 a.m.•7 views

PT-2026-5060

Positive Technologies•added 2026/01/28 12:0 a.m.•6 views

PT-2026-5081

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00261EPSS

Exploits0References7

Positive Technologies•added 2026/01/28 12:0 a.m.•8 views

PT-2026-5098

The WP Google Ad Manager Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5.9AI score0.0019EPSS

Positive Technologies•added 2026/01/28 12:0 a.m.•6 views

PT-2026-5082

4.4CVSS5.9AI score0.00251EPSS

Exploits0References6

RedhatCVE•added 2026/01/25 9:16 a.m.•17 views

CVE-2026-1084

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.7AI score0.00279EPSS

Exploits0References1

RedhatCVE•added 2026/01/25 9:16 a.m.•9 views

CVE-2026-1300

The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple plugin settings parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.7AI score0.00199EPSS

Exploits0References1

RedhatCVE•added 2026/01/25 9:16 a.m.•10 views

CVE-2026-1302

The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions a...

4.4CVSS5.7AI score0.00207EPSS

Exploits1References1

NVD•added 2026/01/24 9:15 a.m.•9 views

CVE-2026-1302

4.4CVSS0.00207EPSS

Exploits1References6

Cvelist•added 2026/01/24 9:8 a.m.•30 views

CVE-2026-1300 Responsive Header Plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters

4.4CVSS0.00199EPSS