1328 matches found

Nuclei
added yesterday, 21 views

Site Reviews < 7.2.5 - Unauthenticated Stored XSS

Site Reviews WordPress plugin before 7.2.5 contains a stored cross-site scripting vulnerability caused by improper sanitization and escaping of review fields, letting unauthenticated users execute malicious scripts; exploitation requires no authentication. id: CVE-2025-1232 info: name: Site Reviews 7.2.5 -...

8.8 CVSS, 7.2 AI score, 0.01856 EPSS
Exploits: 1, References: 3

NVD
added 4 days ago, 4 views

CVE-2026-57318

Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions...

6.5 CVSS, 0.00355 EPSS
Exploits: 0, References: 1

NVD
added 4 days ago, 6 views

CVE-2026-56043

Unauthenticated Cross Site Scripting XSS in Customer Reviews for WooCommerce <= 5.110.1 versions...

7.1 CVSS, 0.0018 EPSS
Exploits: 0, References: 1

CVE
added 4 days ago, 7 views

CVE-2026-57318

Affected software: WordPress Site Reviews plugin (

6.5 CVSS, 5.8 AI score, 0.00355 EPSS
Exploits: 0, References: 1

EUVD
added 4 days ago, 4 views

EUVD-2026-39731

Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions...

6.5 CVSS, 5.8 AI score, 0.00355 EPSS
Exploits: 0, References: 1

Cvelist
added 4 days ago, 30 views

CVE-2026-57318 WordPress Site Reviews plugin <= 8.0.11 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions...

6.5 CVSS, 0.00355 EPSS
Exploits: 0, References: 1

CVE
added 4 days ago, 6 views

CVE-2026-56043

CVE-2026-56043 is an unauthenticated Cross Site Scripting (XSS) vulnerability affecting the WordPress plugin Customer Reviews for WooCommerce up to version 5.110.1. The issue is in the handling of user-provided input in customer reviews, enabling arbitrary script execution in the context of othe...

7.1 CVSS, 5.8 AI score, 0.0018 EPSS
Exploits: 0, References: 1

EUVD
added 4 days ago, 4 views

EUVD-2026-39704

Unauthenticated Cross Site Scripting XSS in Customer Reviews for WooCommerce <= 5.110.1 versions...

7.1 CVSS, 5.8 AI score, 0.0018 EPSS
Exploits: 0, References: 1

Cvelist
added 4 days ago, 31 views

CVE-2026-56043 WordPress Customer Reviews for WooCommerce plugin <= 5.110.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Customer Reviews for WooCommerce <= 5.110.1 versions...

7.1 CVSS, 0.0018 EPSS
Exploits: 0, References: 1

Patchstack
added 6 days ago, 5 views

WordPress Customer Reviews for WooCommerce plugin <= 5.110.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Customer Reviews for WooCommerce versions <= 5.110.1...

7.1 CVSS, 5.8 AI score, 0.0018 EPSS
Exploits: 0, Affected Software: 1

NVD
added 6 days ago, 7 views

CVE-2026-9619

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3 CVSS, 0.00307 EPSS
Exploits: 0, References: 6

EUVD
added 6 days ago, 7 views

EUVD-2026-38666

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3 CVSS, 5.7 AI score, 0.00307 EPSS
Exploits: 0, References: 6

CVE
added 6 days ago, 8 views

CVE-2026-9619

CVE-2026-9619 affects the Reviews and Rating – Docplanner WordPress plugin, vulnerable in all versions up to 1.1.4 due to insufficient authorization checks for an action (sync_reviews AJAX). This allows authenticated users with subscriber-level access and above to trigger outbound scraping, write...

4.3 CVSS, 5.7 AI score, 0.00307 EPSS
Exploits: 0, References: 6

Cvelist
added 6 days ago, 35 views

CVE-2026-9619 Reviews and Rating <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via sync_reviews AJAX Action

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3 CVSS, 0.00307 EPSS
Exploits: 0, References: 6

Patchstack
added last week, 4 views

WordPress Reviews and Rating – Docplanner plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Modification vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Reviews and Rating – Docplanner versions <= 1.1.4...

4.3 CVSS, 5.8 AI score, 0.00307 EPSS
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2026/06/16 6:49 a.m., 9 views

EUVD-2026-37040

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] raw with no sanitization or type casting, then concatenatin...

8.8 CVSS, 5.8 AI score, 0.00259 EPSS
Exploits: 0, References: 2

Circl
added 2026/06/09 3:44 p.m., 9 views

CVE-2026-44805

creationtimestamp | type | source
---|---|---
2026-06-09 15:44:28+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2026-0181
2026-06-09 16:12:18+00:00 | seen | https://www.thezdi.com/blog/2026/6/9/the-june-2026-security-update-review...

5.5 CVSS, 5.3 AI score, 0.00356 EPSS
Exploits: 0, References: 2

Circl
added 2026/06/09 3:44 p.m., 12 views

CVE-2026-45598

creationtimestamp | type | source
---|---|---
2026-06-09 15:44:28+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2026-0181
2026-06-09 16:12:18+00:00 | seen | https://www.thezdi.com/blog/2026/6/9/the-june-2026-security-update-review...

7 CVSS, 5.3 AI score, 0.00179 EPSS
Exploits: 0, References: 2

CVE
added 2026/06/09 3:41 a.m., 18 views

CVE-2026-8499

The CVE concerns the WordPress Helpfulcrowd Product Reviews plugin (vulnerable up to 1.2.9). Root cause: a PHP type-juggling flaw in helpfulcrowd_validate_token() uses a loose != comparison, paired with a REST route (wp-json/helpfulcrowd/v1/update-settings) that has a permissive permission_callba...

5.3 CVSS, 5.6 AI score, 0.00273 EPSS
Exploits: 0, References: 4

Patchstack
added 2026/06/08 3:4 p.m., 9 views

WordPress Helpfulcrowd Product Reviews plugin <= 1.2.9 - Incorrect Authorization vulnerability

Incorrect Authorization vulnerability discovered by Legion Hunter in WordPress Plugin Helpfulcrowd Product Reviews versions <= 1.2.9...

5.3 CVSS, 5.4 AI score, 0.00273 EPSS
Exploits: 0, References: 1, Affected Software: 1