187 matches found

RedhatCVE
added 3 days ago, 5 views

CVE-2026-8382

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

CVSS 5.3 | AI score 5.8 | EPSS 0.00059
Exploits: 0 | References: 1

NVD
added 4 days ago, 7 views

CVE-2026-8382

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

CVSS 5.3 | EPSS 0.00059
Exploits: 0 | References: 3

Cvelist
added 4 days ago, 27 views

CVE-2026-8382 Advanced Custom Fields (ACF®) <= 6.8.1 - Unauthenticated Arbitrary Post Modification via Front-End Form '_post_title' and '_post_content' Parameters

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

CVSS 5.3 | EPSS 0.00059
Exploits: 0 | References: 3

ATTACKERKB
added 4 days ago, 6 views

CVE-2026-8382

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

CVSS 5.3 | AI score 5.8 | EPSS 0.00059
Exploits: 0 | References: 4

Vulnrichment
added 4 days ago, 4 views

CVE-2026-8382 Advanced Custom Fields (ACF®) <= 6.8.1 - Unauthenticated Arbitrary Post Modification via Front-End Form '_post_title' and '_post_content' Parameters

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

CVSS 5.3 | AI score 5.8 | EPSS 0.00059
Exploits: 0 | References: 3

CVE
added 4 days ago, 10 views

CVE-2026-8382

The CVE-2026-8382 entry describes an authorization bypass in the WordPress plug‑in Advanced Custom Fields (ACF) for all versions up to 6.8.1. The vulnerability arises because the plugin does not properly verify that a user is authorized to perform an action, enabling unauthenticated attackers to ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00059
Exploits: 0 | References: 3

CVE
added 2026/05/27 5:31 a.m., 9 views

CVE-2026-8701

The CVE-2026-8701 entry describes a Stored XSS in the WordPress plugin GNTT Post Title Ticker (versions

CVSS 6.4 | AI score 6 | EPSS 0.00032
Exploits: 0 | References: 3

CNNVD
added 2026/05/27 12:0 a.m., 4 views

WordPress plugin GNTT Post Title Ticker cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.4 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 3

Patchstack
added 2026/05/26 5:21 p.m., 4 views

WordPress GNTT Post Title Ticker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin GNTT Post Title Ticker versions = 1.0...

CVSS 6.4 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/05/22 3:39 a.m., 26 views

CVE-2026-9104 Draft List <= 2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via Draft Post Title

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

CVSS 6.4 | EPSS 0.00084
Exploits: 0 | References: 7

EUVD
added 2026/05/10 3:31 p.m., 2 views

EUVD-2022-55972

WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject JavaScript payloads through the...

CVSS 6.4 | AI score 5.7 | EPSS 0.00034
Exploits: 0 | References: 5

CVE
added 2026/05/10 12:12 p.m., 5 views

CVE-2022-50947

The CVE-2022-50947 entry concerns WordPress Plugin Testimonial Slider and Showcase version 2.2.6. A stored XSS vulnerability exists in the post_title field due to insufficient sanitization, exploitable by authenticated editors with low privileges. Attackers with editor rights can inject JavaScrip...

CVSS 6.4 | AI score 5.7 | EPSS 0.00034
Exploits: 0 | References: 4

Vulnrichment
added 2026/05/10 12:12 p.m., 2 views

CVE-2022-50947 WordPress Plugin Testimonial Slider and Showcase 2.2.6 Stored XSS

WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject JavaScript payloads through the...

CVSS 6.4 | AI score 5.7 | EPSS 0.00034
Exploits: 0 | References: 4

Cvelist
added 2026/05/10 12:12 p.m., 25 views

CVE-2022-50947 WordPress Plugin Testimonial Slider and Showcase 2.2.6 Stored XSS

WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject JavaScript payloads through the...

CVSS 6.4 | EPSS 0.00034
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/10 12:12 p.m., 2 views

CVE-2022-50947

WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject JavaScript payloads through the...

CVSS 6.4 | AI score 5.7 | EPSS 0.00034
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/05/10 12:12 p.m., 25 views

CVE-2022-50946 WordPress Plugin Netroics Blog Posts Grid 1.0 Stored XSS

WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...

CVSS 6.4 | EPSS 0.00032
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/10 12:12 p.m., 4 views

CVE-2022-50946 WordPress Plugin Netroics Blog Posts Grid 1.0 Stored XSS

WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...

CVSS 6.4 | AI score 5.7 | EPSS 0.00032
Exploits: 0 | References: 3

CVE
added 2026/05/10 12:12 p.m., 5 views

CVE-2022-50946

The CVE-2022-50946 entry concerns the WordPress plugin Netroics Blog Posts Grid 1.0, where a stored cross-site scripting (XSS) flaw exists in the handling of the post_title field and the testimonial title field. The root cause is failure to sanitize the post_title parameter, enabling an attacker ...

CVSS 6.4 | AI score 5.7 | EPSS 0.00032
Exploits: 0 | References: 3

CNNVD
added 2026/05/10 12:0 a.m., 2 views

WordPress plugin Netroics Blog Posts Grid cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4 | AI score 5.6 | EPSS 0.00032
Exploits: 0 | References: 1

CVE
added 2026/05/02 9:26 a.m., 2 views

CVE-2026-5077

The CVE-2026-5077 entry affects the WordPress Total theme. Vulnerable component: rendering of the_title() inside HTML attribute context in the Home Page blog section template. Root cause: insufficient output escaping in post titles, allowing Stored XSS. Impact: authenticated attackers with contri...

CVSS 5.4 | AI score 6 | EPSS 0.00034
Exploits: 0 | References: 2