CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/14 6:44 a.m.•5 views

CVE-2026-6225 Taskbuilder – Project Management & Task Management Tool With Kanban Board <= 5.0.6 - Authenticated (Subscriber+) Time-Based Blind SQL Injection via 'project_search' Parameter

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00224EPSS

CVE•added 2026/05/14 6:44 a.m.•17 views

CVE-2026-6225

The CVE concerns the WordPress plugin Taskbuilder – Project Management & Task Management Tool With Kanban Board . It is vulnerable to a time-based blind SQL Injection via the 'project_search' parameter in all versions up to and including 5.0.6 , caused by insufficient escaping and inadequate prep...

6.5CVSS5.9AI score0.00224EPSS

NVD•added 2026/05/14 6:16 a.m.•8 views

CVE-2026-6417

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00168EPSS

NVD•added 2026/05/14 6:16 a.m.•10 views

CVE-2025-15345

The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all versions up to, and including, 1.6.27 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS0.00204EPSS

ATTACKERKB•added 2026/05/14 5:30 a.m.•5 views

CVE-2025-15345

Vulnrichment•added 2026/05/14 5:30 a.m.•6 views

Exploits0References4

CVE-2025-15345 MapGeo - Interactive Geo Maps <= 1.6.27 - Reflected Cross-Site Scripting via 'map' Parameter

CVE•added 2026/05/14 5:30 a.m.•14 views

CVE-2025-15345

The CVE-2025-15345 entry concerns the WordPress plugin MapGeo – Interactive Geo Maps . It is vulnerable to a Reflected XSS in the display-map shortcode via the 'map' parameter in all versions up to and including 1.6.27 due to insufficient input sanitization and output escaping. Exploitation requi...

EUVD•added 2026/05/14 5:30 a.m.•6 views

EUVD-2025-209837

Vulnrichment•added 2026/05/14 5:30 a.m.•6 views

CVE-2026-5396 Fluent Forms <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass via 'form_id' Parameter

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS5.8AI score0.00218EPSS

Cvelist•added 2026/05/14 5:30 a.m.•55 views

CVE-2026-5396 Fluent Forms <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass via 'form_id' Parameter

8.2CVSS0.00218EPSS

Cvelist•added 2026/05/14 5:30 a.m.•35 views

CVE-2026-6417 GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting via 'failed_orders'

6.1CVSS0.00168EPSS

ATTACKERKB•added 2026/05/14 5:30 a.m.•7 views

CVE-2026-6417

6.1CVSS6AI score0.00168EPSS

CVE•added 2026/05/14 5:30 a.m.•15 views

CVE-2026-5396

The CVE-2026-5396 case concerns the Fluent Forms WordPress plugin (all versions up to 6.1.21). The underlying issue is in the SubmissionPolicy logic, which authenticates submission-level actions based on a user-supplied form_id parameter. This allows authenticated attackers who have Fluent Forms ...

8.2CVSS5.8AI score0.00218EPSS

Vulnrichment•added 2026/05/14 5:30 a.m.•6 views

CVE-2026-6417 GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting via 'failed_orders'

6.1CVSS6AI score0.00168EPSS