CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/27 11:16 a.m.•7 views

CVE-2026-2280

The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS0.00025EPSS

Cvelist•added 2026/05/27 9:27 a.m.•27 views

CVE-2026-3348 MinhNhut Link Gateway <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Plugin Settings

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS0.00035EPSS

Exploits0References3

Vulnrichment•added 2026/05/27 9:27 a.m.•6 views

CVE-2026-2288 myLinksDump <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'link_title' Parameter

4.8CVSS6AI score0.00032EPSS

ATTACKERKB•added 2026/05/27 9:27 a.m.•10 views

CVE-2026-3348

4.4CVSS6AI score0.00035EPSS

Exploits0References4

ATTACKERKB•added 2026/05/27 9:27 a.m.•8 views

CVE-2026-2288

4.8CVSS6AI score0.00032EPSS

Vulnrichment•added 2026/05/27 9:27 a.m.•9 views

CVE-2026-3348 MinhNhut Link Gateway <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Plugin Settings

4.4CVSS6AI score0.00035EPSS

Exploits0References3

EUVD•added 2026/05/27 9:27 a.m.•8 views

EUVD-2026-32173

4.8CVSS6AI score0.00025EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-43633

4.8CVSS6AI score0.00025EPSS

Cvelist•added 2026/05/13 4:26 a.m.•33 views

CVE-2025-9989 Broadstreet <= 1.53.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS0.00029EPSS

Exploits0References2

EUVD•added 2026/05/13 4:26 a.m.•4 views

EUVD-2025-209820

4.4CVSS6AI score0.00029EPSS

Exploits0References2

Positive Technologies•added 2026/05/13 12:0 a.m.•6 views

PT-2026-40560

4.4CVSS6AI score0.00029EPSS

Exploits0References2

EUVD•added 2026/05/12 12:32 p.m.•7 views

EUVD-2026-29443

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVE•added 2026/05/12 9:29 a.m.•12 views

CVE-2026-6813

The CVE-2026-6813 entry concerns the WordPress Continually plugin (versions up to 4.3.1). It describes a Stored Cross-Site Scripting vulnerability in admin settings caused by insufficient input sanitization and output escaping, exploitable by authenticated attackers with administrator-level permi...

CVE•added 2026/05/12 9:29 a.m.•13 views

CVE-2026-6800

The CVE-2026-6800 entry concerns the WordPress FastBots plugin (versions up to 1.0.12). The vulnerability is a Stored Cross-Site Scripting flaw in admin settings caused by insufficient input sanitization and output escaping. It affects multi-site installations and installs where unfiltered_html i...

Cvelist•added 2026/05/12 9:29 a.m.•33 views

CVE-2026-6800 FastBots <= 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

4.4CVSS0.0003EPSS

Vulnrichment•added 2026/05/12 9:29 a.m.•6 views

CVE-2026-6800 FastBots <= 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

RedhatCVE•added 2026/05/04 8:21 p.m.•3 views

CVE-2026-6447

The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6AI score0.00011EPSS

Exploits0References1

CVE•added 2026/05/02 5:29 a.m.•8 views

CVE-2026-6447

The CVE-2026-6447 entry describes a Stored Cross-Site Scripting vulnerability in the Call for Price for WooCommerce plugin for WordPress, affecting all versions up to and including 4.2.0. The root cause is insufficient input sanitization and output escaping in admin settings, allowing authenticat...

4.4CVSS6AI score0.00011EPSS

Vulnrichment•added 2026/05/02 5:29 a.m.•3 views

CVE-2026-6447 Call for Price for WooCommerce <= 4.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Call for Price' Label Settings

4.4CVSS6AI score0.00011EPSS