CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/10 12:43 p.m.•8 views

CVE-2021-47941

8.8CVSS6.1AI score0.00282EPSS

Vulnrichment•added 2026/05/10 12:43 p.m.•9 views

CVE-2021-47938 ImpressCMS 1.4.2 Remote Code Execution via Autotasks

ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the satcode parameter. Attackers can authenticate, submit a POST request to...

8.8CVSS6.6AI score0.00569EPSS

Cvelist•added 2026/05/10 12:43 p.m.•32 views

CVE-2021-47938 ImpressCMS 1.4.2 Remote Code Execution via Autotasks

8.8CVSS0.00569EPSS

CVE•added 2026/05/10 12:43 p.m.•11 views

CVE-2021-47938

ImpressCMS 1.4.2 suffers a remote code execution (RCE) in the autotasks admin interface. An authenticated attacker can send a crafted sat_code payload via POST to /modules/system/admin.php?fct=autotasks&op=mod, resulting in creation of an executable file that accepts arbitrary commands through GE...

8.8CVSS6.6AI score0.00569EPSS

Vulnrichment•added 2026/05/10 12:43 p.m.•13 views

CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

6.4CVSS5.9AI score0.00213EPSS

Cvelist•added 2026/05/10 12:43 p.m.•31 views

CVE-2021-47927 WordPress Plugin WP Symposium Pro 2021.10 Stored XSS via wps_admin_forum_add_name

WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with...

6.4CVSS0.00193EPSS

ATTACKERKB•added 2026/05/10 12:43 p.m.•5 views

CVE-2021-47927

6.4CVSS5.6AI score0.00193EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/10 12:43 p.m.•10 views

CVE-2021-47927 WordPress Plugin WP Symposium Pro 2021.10 Stored XSS via wps_admin_forum_add_name

6.4CVSS5.6AI score0.00193EPSS

CVE•added 2026/05/10 12:43 p.m.•13 views

CVE-2021-47927

CVE-2021-47927 affects the WordPress plugin WP Symposium Pro (version 2021.10). It describes a stored cross-site scripting (XSS) vulnerability in the wps_admin_forum_add_name parameter used during admin setup: authenticated attackers can submit a JavaScript payload via POST, which is stored and e...

6.4CVSS5.6AI score0.00193EPSS

Vulnrichment•added 2026/05/10 12:43 p.m.•14 views

CVE-2021-47907 Rocket LMS 1.1 Persistent Cross-Site Scripting via Support Tickets

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browser...

6.4CVSS5.7AI score0.00235EPSS

Cvelist•added 2026/05/10 12:13 p.m.•34 views

CVE-2022-50970 WordPress Plugin AAWP 3.16 Reflected XSS via tab Parameter

WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrar...

5.4CVSS0.00172EPSS

ATTACKERKB•added 2026/05/10 12:13 p.m.•9 views

CVE-2022-50970

5.4CVSS5.9AI score0.00172EPSS

CVE•added 2026/05/10 12:13 p.m.•14 views

CVE-2022-50970

CVE-2022-50970 affects WordPress Plugin AAWP 3.16. It describes a reflected XSS vulnerability in the aawp-settings admin page, where an attacker can craft a URL with a payload in the tab parameter to execute arbitrary JavaScript in the context of authenticated users. The vulnerability is triggere...

5.4CVSS5.9AI score0.00172EPSS

Vulnrichment•added 2026/05/10 12:13 p.m.•9 views

CVE-2022-50970 WordPress Plugin AAWP 3.16 Reflected XSS via tab Parameter

5.4CVSS5.9AI score0.00172EPSS

Cvelist•added 2026/05/10 12:12 p.m.•60 views

CVE-2022-50962 uBidAuction 2.0.1 myOrders Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...

6.1CVSS0.00252EPSS

ATTACKERKB•added 2026/05/10 12:12 p.m.•5 views

CVE-2022-50960

WordPress International SMS for Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary...

6.1CVSS5.9AI score0.00187EPSS

CVE•added 2026/05/10 12:12 p.m.•16 views

CVE-2022-50960

The vulnerability is in WordPress International Sms For Contact Form 7 Integration v1.2, which contains a reflected XSS in the page parameter of the admin settings interface. The issue is triggered via class-sms-log-display.php, allowing an attacker to inject malicious JavaScript that runs in adm...

6.1CVSS5.9AI score0.00187EPSS

Vulnrichment•added 2026/05/10 12:12 p.m.•11 views

CVE-2022-50960 WordPress International Sms Contact Form 7 Integration 1.2 XSS

6.1CVSS5.9AI score0.00187EPSS

ATTACKERKB•added 2026/05/10 12:12 p.m.•7 views

CVE-2022-50959

WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the formid parameter. Attackers can craft malicious URLs to codegenerator.php with script payloads in the formid parameter t...

6.1CVSS5.9AI score0.00208EPSS