CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/06/06 2:28 a.m.•7 views

CVE-2026-7796

EUVD•added 2026/06/06 2:28 a.m.•8 views

Exploits0References12

EUVD-2026-34951

Vulnrichment•added 2026/06/06 2:28 a.m.•8 views

CVE-2026-7796 EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute

CVE•added 2026/06/06 2:28 a.m.•17 views

CVE-2026-7796

Technical details (affected plugin version, root cause, exploit specifics) are not provided in the supplied documents; monitor for updates.

RedhatCVE•added 2026/06/05 7:28 p.m.•6 views

CVE-2026-4081

The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...

6.4CVSS5.7AI score0.00248EPSS

NVD•added 2026/05/27 4:16 a.m.•8 views

CVE-2026-9022

The Splide Carousel Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'url' Block Attribute in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS0.00197EPSS

Cvelist•added 2026/05/27 2:27 a.m.•28 views

CVE-2026-9022 Splide Carousel Block <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'url' Block Attribute

6.4CVSS0.00197EPSS

EUVD•added 2026/05/27 2:27 a.m.•8 views

EUVD-2026-32042

6.4CVSS5.9AI score0.00197EPSS

CVE•added 2026/05/27 2:27 a.m.•13 views

CVE-2026-9022

The Splide Carousel Block plugin for WordPress is vulnerable to a Stored Cross-Site Scripting (XSS) via the 'url' Block Attribute in all versions up to and including 1.7.1. Root cause: insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with contri...

6.4CVSS5.9AI score0.00197EPSS

Positive Technologies•added 2026/05/21 12:0 a.m.•11 views

PT-2026-44727

Name of the Vulnerable Software and Affected Versions symfony/html-sanitizer versions prior to 6.4 Description The UrlAttributeSanitizer visitor fails to validate the schemes of several URL-valued attributes because they are missing from the getSupportedAttributes list. Specifically, the action...

5.1CVSS5.2AI score0.00082EPSS

Exploits0References14

Cvelist•added 2026/02/18 8:26 a.m.•29 views

CVE-2026-2127 SiteOrigin Widgets Bundle <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...

5.4CVSS0.00284EPSS

Exploits0References6

RedhatCVE•added 2025/10/23 9:13 a.m.•7 views

CVE-2025-11807

The Mixlr Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mixlr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'url' attribute. This makes it possible for authenticated attacker...

6.4CVSS5AI score0.00193EPSS

EUVD•added 2025/10/22 8:27 a.m.•2 views

EUVD-2025-35345

6.4CVSS4.6AI score0.00193EPSS

Exploits0References5

Vulnrichment•added 2025/10/22 8:27 a.m.•2 views

CVE-2025-11807 Mixlr Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS4.7AI score0.00193EPSS

Exploits0References3

Cvelist•added 2025/10/22 8:27 a.m.•6 views

CVE-2025-11807 Mixlr Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.00193EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-28611

Malicious code in bioql PyPI...

6.4CVSS6.3AI score0.00165EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 9:19 a.m.•2 views

CVE-2024-5757

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5AI score0.00401EPSS

RedhatCVE•added 2025/05/23 9:16 a.m.•3 views

CVE-2024-5571

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and...

6.4CVSS5AI score0.00314EPSS