CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

222952 matches found

ATTACKERKB•added 2026/05/27 9:49 a.m.•6 views

CVE-2026-42727

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0...

9.3CVSS5.8AI score0.00039EPSS

Exploits0References2

Vulnrichment•added 2026/05/27 9:49 a.m.•10 views

CVE-2026-42729 WordPress PropertyHive plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Property Hive PropertyHive propertyhive allows DOM-Based XSS.This issue affects PropertyHive: from n/a through = 2.2.2...

7.1CVSS5.8AI score0.00036EPSS

Exploits0References1

Cvelist•added 2026/05/27 9:49 a.m.•28 views

CVE-2026-42729 WordPress PropertyHive plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00036EPSS

Exploits0References1

Cvelist•added 2026/05/27 9:49 a.m.•26 views

CVE-2026-42727 WordPress Active Products Tables for WooCommerce plugin <= 1.0.8 - SQL Injection vulnerability

9.3CVSS0.00039EPSS

Exploits0References1

Cvelist•added 2026/05/27 9:49 a.m.•27 views

CVE-2026-42726 WordPress AWP Classifieds plugin <= 4.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...

6.5CVSS0.0005EPSS

Exploits0References1

CVE•added 2026/05/27 9:49 a.m.•11 views

CVE-2026-42727

CVE-2026-42727 affects the WordPress plugin Profit-Products-Tables-for-WooCommerce (Active Products Tables for WooCommerce) ≤ 1.0.8. The root cause is improper neutralization of special elements used in SQL commands, enabling Blind SQL Injection. The impact is described as Blind SQL Injection; no...

9.3CVSS5.8AI score0.00039EPSS

Exploits0References1

CVE•added 2026/05/27 9:49 a.m.•11 views

CVE-2026-42729

CVE-2026-42729 documents a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress PropertyHive plugin, specifically in versions <= 2.2.2. The root cause is described as improper neutralization of input during web page generation. Affected product: PropertyHive (WordPress plugin); ...

7.1CVSS5.8AI score0.00036EPSS

Exploits0References1

CVE•added 2026/05/27 9:49 a.m.•14 views

CVE-2026-42734

The CVE-2026-42734 entry describes a Reflected Cross-Site Scripting (XSS) in the WordPress Geo Mashup plugin by Dylan Kuhn, affected up to Geo Mashup <= 1.13.19. Root cause: improper neutralization of input during web page generation. Affected software: Geo Mashup plugin for WordPress (versions

7.1CVSS5.8AI score0.00036EPSS

Exploits0References1

Cvelist•added 2026/05/27 9:27 a.m.•28 views

CVE-2026-2288 myLinksDump <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'link_title' Parameter

The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linktitle' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access...

4.8CVSS0.00032EPSS

Exploits0References5

ATTACKERKB•added 2026/05/27 9:27 a.m.•10 views

CVE-2026-3348

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS6AI score0.00035EPSS

Exploits0References4

Vulnrichment•added 2026/05/27 9:27 a.m.•9 views

CVE-2026-3348 MinhNhut Link Gateway <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Plugin Settings

4.4CVSS6AI score0.00035EPSS

Exploits0References3

Vulnrichment•added 2026/05/27 9:27 a.m.•6 views

CVE-2026-2288 myLinksDump <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'link_title' Parameter

4.8CVSS6AI score0.00032EPSS

Exploits0References5

Cvelist•added 2026/05/27 9:27 a.m.•27 views

CVE-2026-3348 MinhNhut Link Gateway <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Plugin Settings

4.4CVSS0.00035EPSS

Exploits0References3

CVE•added 2026/05/27 9:27 a.m.•14 views

CVE-2026-3348

Summary: CVE-2026-3348 affects the MinhNhut Link Gateway WordPress plugin up to version 3.6.1. The issue is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping in plugin settings (Description, Title, and other fields). Exploitation requires authenticat...

4.4CVSS6AI score0.00035EPSS

Exploits0References3

Vulnrichment•added 2026/05/27 9:27 a.m.•9 views

CVE-2026-3349 MinhNhut Link Gateway <= 3.6.1 - Reflected Cross-Site Scripting via 'url' Parameter

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

6.1CVSS6AI score0.00066EPSS

Exploits0References3