CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

Patchstack•added 2026/01/27 3:0 a.m.•4 views

WordPress Responsive Header Plugin plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Settings Parameters vulnerability discovered by 0x34rth in WordPress Plugin Responsive Header versions = 1.0...

4.4CVSS5.9AI score0.00055EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/01/24 9:8 a.m.•28 views

CVE-2026-1300 Responsive Header Plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters

The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple plugin settings parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00055EPSS

Exploits0References5

Cvelist•added 2026/01/14 6:40 a.m.•29 views

CVE-2026-0741 Electric Studio Download Counter <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters

The Electric Studio Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00055EPSS

Exploits0References5

Vulnrichment•added 2026/01/14 6:40 a.m.•2 views

CVE-2026-0739 WMF Mobile Redirector <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters

The WMF Mobile Redirector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

4.4CVSS4.7AI score0.00015EPSS

Exploits0References5

Patchstack•added 2026/01/13 11:27 p.m.•2 views

WordPress WMF Mobile Redirector plugin <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Settings Parameters vulnerability discovered by 0x34rth in WordPress Plugin WMF Mobile Redirector versions = 1.2...

4.4CVSS5.8AI score0.00015EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/01/13 11:6 p.m.•6 views

WordPress Electric Studio Download Counter plugin <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Settings Parameters vulnerability discovered by 0x34rth in WordPress Plugin Electric Studio Download Counter versions = 2.4...

4.4CVSS5.8AI score0.00055EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-37840

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00355EPSS

Exploits1References3

Positive Technologies•added 2022/12/13 12:0 a.m.•1 views

PT-2022-37585 · Mageia · Rootcerts

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue involves setting certain parameters, specifically CKA NSS SERVER DISTRUST AFTER and CKA NSS EMAIL DISTRUST AFTER, related to 3 TrustCor Root Certificates. Recommendations: At...

7AI score

Exploits0References5

Tenable Nessus•added 2022/07/21 12:0 a.m.•24 views

Wago 750-36X & 750-8XX Improper Authentication (CVE-2021-34578)

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. - This vulnerability allows an attacker who has access to...

9.8CVSS7.7AI score0.00336EPSS

Exploits0References2

wpexploit•added 2022/04/25 12:0 a.m.•74 views

Tracked Tweets <= 0.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting issue All parameters from the settings page are affected ' /...

0.1AI score

Exploits0

Prion•added 2021/08/31 11:15 a.m.•10 views

Authentication flaw

6.8CVSS7.9AI score0.00336EPSS

Exploits0References1Affected Software12

Cvelist•added 2021/08/31 10:33 a.m.•14 views

CVE-2021-34578 WAGO: Authentication Vulnerability in Web-Based Management

9.8CVSS9.7AI score0.00336EPSS

Exploits0References1

OSV•added 2019/09/26 4:15 p.m.•1 views

CVE-2019-16524

The easy-fancybox plugin before 1.8.18 for WordPress aka Easy FancyBox is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter...

4.8CVSS5.8AI score0.0026EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by