CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

280 matches found

Patchstack•added 2026/03/16 8:46 a.m.•3 views

WordPress Visionary Core plugin <= 1.4.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Visionary Core versions = 1.4.9...

7.1CVSS5.8AI score0.00045EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/01/09 11:13 a.m.•3 views

CVE-2016-10964

The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header...

6.1CVSS6AI score0.0019EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 10:45 a.m.•2 views

CVE-2022-0830

The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put...

6.5CVSS6.4AI score0.00103EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 10:44 a.m.•4 views

CVE-2022-0600

The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.5AI score0.0021EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 10:34 a.m.•3 views

CVE-2017-18563

The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen...

6.1CVSS6AI score0.0021EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:34 a.m.•4 views

CVE-2017-18554

The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a search event...

6.1CVSS6AI score0.0021EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:8 a.m.•4 views

CVE-2024-2019

The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbterender' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated...

7.5CVSS6.4AI score0.00951EPSS

Exploits0References1

Patchstack•added 2025/10/18 4:4 a.m.•3 views

WordPress NextMove Lite plugin <= 2.23.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NextMove Lite versions = 2.23.0...

6.5CVSS6.1AI score0.0003EPSS

Exploits0Affected Software1