CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

EUVD•added 2026/04/22 9:31 p.m.•1 views

EUVD-2026-22870

The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the funcpagemain function. This makes it possible for unauthenticated attackers to inject malicious web...

6.1CVSS5.6AI score0.00032EPSS

Exploits0References10

NVD•added 2026/04/16 7:16 a.m.•1 views

CVE-2026-3995

The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield which strips HTML tags but does not...

4.4CVSS0.00026EPSS

Exploits0References9

CVE•added 2026/04/16 6:44 a.m.•4 views

CVE-2026-3995

CVE-2026-3995 concerns the OPEN-BRAIN WordPress plugin (versions up to 0.5.0). The vulnerability arises in the API Key settings field, where insufficient input sanitization and output escaping allow an authenticated Administrator to inject stored cross-site scripting payloads. Specifically, sanit...

4.4CVSS5.9AI score0.00026EPSS

Exploits0References9

ATTACKERKB•added 2026/04/16 6:44 a.m.•1 views

CVE-2026-3995

4.4CVSS5.9AI score0.00026EPSS

Exploits0References10

Vulnrichment•added 2026/04/16 6:44 a.m.•1 views

CVE-2026-3995 OPEN-BRAIN <= 0.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting

4.4CVSS5.9AI score0.00026EPSS

Exploits0References9

Cvelist•added 2026/04/16 6:44 a.m.•22 views

CVE-2026-3995 OPEN-BRAIN <= 0.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting

4.4CVSS0.00026EPSS

Exploits0References9

NVD•added 2026/04/15 9:16 a.m.•1 views

CVE-2026-4091

6.1CVSS0.00032EPSS

Exploits0References9

Vulnrichment•added 2026/04/15 8:28 a.m.•0 views

CVE-2026-4091 OPEN-BRAIN <= 0.5.0 - Cross-Site Request Forgery

6.1CVSS5.6AI score0.00032EPSS

Exploits0References9

ATTACKERKB•added 2026/04/15 8:28 a.m.•0 views

CVE-2026-4091

6.1CVSS5.6AI score0.00032EPSS

Exploits0References10

CVE•added 2026/04/15 8:28 a.m.•1 views

CVE-2026-4091

The CVE concerns the WordPress OPEN-BRAIN plugin

6.1CVSS5.6AI score0.00032EPSS

Exploits0References9

Patchstack•added 2026/04/15 4:3 a.m.•2 views

WordPress OPEN-BRAIN plugin <= 0.5.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin OPEN-BRAIN versions = 0.5.0...

6.1CVSS5.8AI score0.00032EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/04/15 12:0 a.m.•0 views

PT-2026-33027

The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the func page main function. This makes it possible for unauthenticated attackers to inject malicious web...

6.1CVSS5.6AI score0.00032EPSS

Exploits0References11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by