CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

138 matches found

RedhatCVE•added 2026/03/26 3:8 p.m.•1 views

CVE-2026-2358

The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wpulikelikersbox shortcode template attribute in all versions up to, and including, 5.0.1. This is due to the use of htmlentitydecode on shortcode attributes without subsequent output sanitization, which...

6.4CVSS6AI score0.00054EPSS

Exploits0References1

NVD•added 2026/03/11 6:17 a.m.•2 views

CVE-2026-2358

6.4CVSS0.00054EPSS

Exploits0References7

EUVD•added 2026/03/11 5:27 a.m.•0 views

EUVD-2026-11090

6.4CVSS6AI score0.00054EPSS

Exploits0References7

Positive Technologies•added 2026/03/11 12:0 a.m.•0 views

PT-2026-24577

The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp ulike likers box shortcode template attribute in all versions up to, and including, 5.0.1. This is due to the use of html entity decode on shortcode attributes without subsequent output sanitization, which...

6.4CVSS6AI score0.00054EPSS

Exploits0References10

CNNVD•added 2026/03/11 12:0 a.m.•2 views

WordPress plugin WP ULike 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00054EPSS

Exploits0References7

Patchstack•added 2026/03/10 10:59 p.m.•2 views

WordPress WP ULike plugin <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attribute vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin WP ULike versions = 5.0.1...

6.4CVSS5.8AI score0.00054EPSS

Exploits0References1Affected Software1

NVD•added 2026/02/03 4:15 a.m.•4 views

CVE-2026-0909

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wpulikedeletehistoryapi AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...

5.3CVSS0.00014EPSS

Exploits0References4

Positive Technologies•added 2026/02/03 12:0 a.m.•4 views

PT-2026-5769

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wp ulike delete history api AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...

5.3CVSS5.5AI score0.00014EPSS

Exploits0References5

Patchstack•added 2026/02/02 10:13 p.m.•2 views

WordPress WP ULike plugin <= 4.8.3.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Log Deletion via 'id' Parameter vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Log Deletion via 'id' Parameter vulnerability discovered by Pouria Shahba p0or1ya in WordPress Plugin WP ULike versions = 4.8.3.1...

5.3CVSS5.4AI score0.00014EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/09 9:27 a.m.•3 views

CVE-2023-45640

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in TechnoWich WP ULike – Most Advanced WordPress Marketing Toolkit plugin = 4.6.8 versions...

6.5CVSS5.6AI score0.00181EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-1909

Malware in sbrugna...

7.5CVSS7.6AI score0.00212EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-1906

Malware in sbrugna...

4.8CVSS5.1AI score0.00206EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-2956