CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/12 8:36 a.m.•3 views

BIT-APPSMITH-2026-30862 Critical Stored XSS & Privilege Escalation in Appsmith

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget TableWidgetV2. The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be...

RedhatCVE•added 2026/03/11 7:8 a.m.•0 views

Exploits2References2

CVE-2026-30862

CNNVD•added 2026/03/10 12:0 a.m.•2 views

Appsmith 安全漏洞

Appsmith is an open-source platform developed by Appsmith itself, used for building, deploying, and maintaining internal applications. Prior to version 1.96, there were security vulnerabilities in Appsmith. These vulnerabilities stemmed from the lack of HTML cleaning in the Table Widget rendering...

9CVSS5.7AI score0.00061EPSS

Exploits2References2

EUVD•added 2026/03/09 10:26 p.m.•2 views

EUVD-2026-10412

EUVD•added 2026/03/09 10:26 p.m.•2 views

EUVD-2026-10413

ATTACKERKB•added 2026/03/09 10:26 p.m.•2 views

CVE-2026-30862

Exploits2References2Affected Software1

OSV•added 2026/03/09 10:26 p.m.•2 views

CVE-2026-30862 Critical Stored XSS & Privilege Escalation in Appsmith

Vulnrichment•added 2026/03/09 10:26 p.m.•0 views

Exploits2References3

CVE-2026-30862 Critical Stored XSS & Privilege Escalation in Appsmith

CVE•added 2026/03/09 10:26 p.m.•7 views

CVE-2026-30862

CVE-2026-30862 describes a Stored XSS in Appsmith’s TableWidgetV2 prior to 1.96 due to insufficient HTML sanitization in the React rendering path. An attacker with a regular user account can leverage the Invite Users flow to coerce a System Administrator into calling a high-privilege API (/api/v1...

Exploits2References1Affected Software1

Positive Technologies•added 2026/03/09 12:0 a.m.•2 views

PT-2026-24145

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 1.96 Description Appsmith is a platform used to build admin panels, internal tools, and dashboards. A critical stored cross-site scripting XSS issue exists in the Table Widget TableWidgetV2 due to insufficient HTML...

Patchstack•added 2026/02/02 7:39 p.m.•2 views

Exploits2References10

WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Table Widget vulnerability

WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Info Table Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...

6.4CVSS8.3AI score0.00156EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/29 9:24 a.m.•5 views

CVE-2025-14610

The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for...

7.2CVSS5.9AI score0.00015EPSS

RedhatCVE•added 2026/01/07 9:14 a.m.•2 views

CVE-2024-2142

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

6.4CVSS5.8AI score0.00156EPSS

EUVD•added 2025/12/13 6:30 p.m.•1 views

EUVD-2025-203243

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Hero Header and Pricing Table widgets in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS4.7AI score0.00037EPSS

Exploits0References5

Cvelist•added 2025/12/13 8:21 a.m.•24 views

CVE-2025-8780 Livemesh SiteOrigin Widgets <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets

6.4CVSS0.00037EPSS

Exploits0References4

CVE•added 2025/12/13 8:21 a.m.•9 views

CVE-2025-8780

CVE-2025-8780 affects the WordPress plugin Livemesh SiteOrigin Widgets (versions up to and including 3.9.1). The issue is a Stored Cross-Site Scripting (XSS) in the plugin’s widgets (Hero Header and Pricing Table) caused by insufficient input sanitization and output escaping on user-supplied attr...

6.4CVSS4.7AI score0.00037EPSS

Exploits0References4

Patchstack•added 2025/12/13 3:7 a.m.•3 views

WordPress Livemesh SiteOrigin Widgets plugin <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Livemesh SiteOrigin Widgets versions = 3.9.1...

6.4CVSS5.5AI score0.00037EPSS

Exploits0References1Affected Software1

CNNVD•added 2025/12/13 12:0 a.m.•1 views

WordPress plugin Livemesh SiteOrigin Widgets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6AI score0.00037EPSS

Exploits0References5

RedhatCVE•added 2025/11/22 9:45 a.m.•3 views

CVE-2025-12964

The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdprtitletag' and 'mpdprsubtitletag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...

6.4CVSS4.9AI score0.00037EPSS