CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15847 matches found

CVE•added 2026/01/23 2:28 p.m.•9 views

CVE-2026-24576

CVE-2026-24576 is a stored XSS vulnerability in the WordPress UX Flat plugin (ux-flat) affecting versions up to and including 5.4.0. The issue is described as improper neutralization of input during web page generation, enabling stored cross-site scripting. The primary connected sources confirm t...

6.5CVSS5.4AI score0.00198EPSS

Exploits0References1

Cvelist•added 2026/01/23 2:28 p.m.•31 views

CVE-2026-24544 WordPress HD Quiz plugin <= 2.0.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through = 2.0.9...

4.3CVSS0.00197EPSS

Exploits0References1

CVE•added 2026/01/23 2:28 p.m.•17 views

CVE-2026-24548

Summary: CVE-2026-24548 is a Server-Side Request Forgery (SSRF) vulnerability in the WordPress plugin “Radio Player” (radio-player) affecting versions up to and including 2.0.91. The issue is publicly documented by multiple sources (Wordfence vulnerability report and CVE/NVD entries). Impact is l...

5.4CVSS5.9AI score0.00163EPSS

Exploits0References1

Patchstack•added 2026/01/23 7:57 a.m.•5 views

WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'lwcontentblock' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP DSGVO Tools GDPR versions = 3.1.36...

6.4CVSS5.4AI score0.0025EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/01/23 5:29 a.m.•33 views

CVE-2025-14745 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on...

6.4CVSS0.00232EPSS

Exploits0References3

Positive Technologies•added 2026/01/23 12:0 a.m.•5 views

PT-2026-4371

Name of the Vulnerable Software and Affected Versions Kama Thumbnail versions through 3.5.1 Description A Cross-Site Request Forgery CSRF issue exists in Kama Thumbnail. This allows an attacker to potentially perform actions on behalf of an authenticated user without their knowledge...

5.3AI score0.00133EPSS

Exploits0References3

CNNVD•added 2026/01/23 12:0 a.m.•3 views

WordPress plugin Tablesome has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00235EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•4 views

WordPress plugin WP DSGVO Tools (GDPR) cross-site scripting vulnerability

6.4CVSS5.7AI score0.0025EPSS

Exploits0References4

CNNVD•added 2026/01/23 12:0 a.m.•4 views

WordPress plugin Monetag Official Plugin has a security vulnerability

5.4CVSS5.8AI score0.00209EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•4 views

WordPress plugin LifePress has a security vulnerability

4.3CVSS5.8AI score0.00185EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•4 views

WordPress plugin Textmetrics has a security vulnerability

4.3CVSS5.9AI score0.00211EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•3 views

WordPress plugin Media Library File Size security vulnerability

4.3CVSS5.8AI score0.00185EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•4 views

WordPress plugin Hyyan WooCommerce Polylang Integration has a security vulnerability

6.5CVSS5.8AI score0.00248EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•3 views

WordPress plugin Easy Modal has a security vulnerability

6.5CVSS5.8AI score0.00127EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•6 views

WordPress plugin All-in-One Video Gallery has a security vulnerability

6.5CVSS5.8AI score0.00369EPSS

Exploits0References6

CNNVD•added 2026/01/23 12:0 a.m.•4 views

WordPress plugin Ryviu has a security vulnerability

5.3CVSS5.8AI score0.00272EPSS

Exploits0References1

Positive Technologies•added 2026/01/23 12:0 a.m.•3 views

PT-2026-4354

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw content block' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.0025EPSS

Exploits0References4

GithubExploit•added 2026/01/22 7:58 p.m.•145 views

Exploit for CVE-2026-0594

CVE-2026-0594-ListSiteContributors-Plugin-Exploit 🛡️ Descr...

6.1CVSS5.6AI score0.00693EPSS

Exploits1

GithubExploit•added 2026/01/22 6:57 p.m.•148 views

Exploit for CVE-2024-51791

CVE-2024-51791 / 0-Click RCE Exploit - Author: Joshua Provost...

10CVSS6.1AI score0.00614EPSS

Exploits1

RedhatCVE•added 2026/01/22 5:34 p.m.•4 views

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

6.5CVSS5.7AI score0.00349EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by