94 matches found

NVD
added 2026/05/12 10:16 a.m. | 7 views

CVE-2026-6813

The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.4 | EPSS 0.0003
Exploits 0 | References 5

RedhatCVE
added 2026/03/08 1:44 a.m. | 3 views

CVE-2026-2722

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

CVSS 4.8 | AI score 5.9 | EPSS 0.00029
Exploits 0 | References 1

Cvelist
added 2026/03/04 1:21 a.m. | 27 views

CVE-2026-2289 Taskbuilder <= 5.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field

The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.4 | EPSS 0.00011
Exploits 0 | References 6

Vulnrichment
added 2026/02/18 9:25 a.m. | 4 views

CVE-2025-13727 Video Share VOD <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

CVSS 4.4 | AI score 5.7 | EPSS 0.00011
Exploits 0 | References 6

RedhatCVE
added 2026/02/15 7:10 a.m. | 11 views

CVE-2026-0735

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tabcolorpickerlanguageswitch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 4.4 | AI score 5.7 | EPSS 0.00039
Exploits 0 | References 1

NVD
added 2026/01/17 7:16 a.m. | 1 view

CVE-2026-0691

The CM E-Mail Blacklist – Simple email filtering for safer registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blackemail' parameter in all versions up to, and including, 1.6.2. This is due to insufficient input sanitization and output escaping. This makes it...

CVSS 4.4 | EPSS 0.00051
Exploits 0 | References 4

RedhatCVE
added 2026/01/09 9:25 a.m. | 7 views

CVE-2023-4160

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...

CVSS 4.8 | AI score 5.8 | EPSS 0.00154
Exploits 0 | References 1

NVD
added 2025/11/12 8:15 a.m. | 5 views

CVE-2025-12018

The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | EPSS 0.00031
Exploits 0 | References 6

NVD
added 2025/11/11 4:15 a.m. | 1 view

CVE-2025-12538

The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and abov...

CVSS 4.4 | EPSS 0.00022
Exploits 0 | References 3

CVE
added 2025/11/11 3:30 a.m. | 13 views

CVE-2025-12632

CVE-2025-12632 affects the WordPress plugin RandomQuotr. Connected sources confirm a Stored Cross-Site Scripting vulnerability in versions

CVSS 5.5 | AI score 4.7 | EPSS 0.00029
Exploits 0 | References 2

Positive Technologies
added 2025/11/04 12:00 a.m. | 2 views

PT-2025-45012

Name of the Vulnerable Software and Affected Versions MeetingList plugin for WordPress versions prior to 0.11 Description The software is susceptible to Stored Cross-Site Scripting through admin settings due to inadequate input sanitization and output escaping. This allows authenticated attackers...

CVSS 4.4 | AI score 5.4 | EPSS 0.00022
Exploits 0 | References 4

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2023-54039

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 6.4 | EPSS 0.00154
Exploits 0 | References 3

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2024-50555

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 8.7 | EPSS 0.00379
Exploits 0 | References 3

Vulnrichment
added 2025/07/18 5:23 a.m. | 2 views

CVE-2025-6719 Terms descriptions <= 3.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting

The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 | AI score 5.9 | EPSS 0.00164
Exploits 0 | References 2

Vulnrichment
added 2025/07/15 9:22 a.m. | 3 views

CVE-2025-4369 Companion Auto Update <= 3.9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via update_delay_days parameter

The Companion Auto Update plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘update_delay_days’ parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.5 | AI score 5.9 | EPSS 0.00291
Exploits 0 | References 4

Vulnrichment
added 2025/06/06 6:42 a.m. | 10 views

CVE-2025-5699 Developer Formatter <= 2015.0.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom CSS

The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 5.5 | AI score 5.9 | EPSS 0.00291
Exploits 0 | References 4

Cvelist
added 2025/04/24 3:21 a.m. | 14 views

CVE-2025-3435 MangBoard WP <= 1.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Board Header And Footer

The Mang Board WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the boardheader and boardfooter parameters in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | EPSS 0.00161
Exploits 0 | References 2

Vulnrichment
added 2025/02/26 11:12 a.m. | 5 views

CVE-2024-6810 Quiz Organizer <= 2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web...

CVSS 4.4 | AI score 4.3 | EPSS 0.00161
Exploits 0 | References 5

CVE
added 2024/11/05 9:30 a.m. | 41 views

CVE-2024-9878

CVE-2024-9878 is a Stored XSS in the WordPress plugin “Photo Gallery by 10Web – Mobile-Friendly Image Gallery” up to version 1.8.30, exploitable by authenticated admins with access to admin settings. The vulnerability arises from insufficient input sanitization and output escaping, enabling injec...

CVSS 4.8 | AI score 4.4 | EPSS 0.00415
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2024/10/26 1:58 a.m. | 12 views

CVE-2024-9462 Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Poll Settings

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVSS 5.5 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 4