CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

68 matches found

CVE•added 2026/05/27 7:45 a.m.•9 views

CVE-2026-8906

The CVE-2026-8906 entry affects the WordPress WP Promoter plugin (versions up to 1.3). The root cause is missing or incorrect nonce validation enabling Cross-Site Request Forgery, allowing unauthenticated attackers to update settings and inject malicious scripts via forged requests (notably relat...

6.1CVSS5.7AI score0.00014EPSS

Exploits0References5

Vulnrichment•added 2026/05/27 7:45 a.m.•7 views

CVE-2026-8906 WP Promoter <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'popup_width' Parameter

The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts...

6.1CVSS5.7AI score0.00014EPSS

Exploits0References5

RedhatCVE•added 2026/02/15 7:10 a.m.•4 views

CVE-2026-1905

The Sphere Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in the 'showsphereimage' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00043EPSS

Exploits0References1

NVD•added 2026/02/14 7:16 a.m.•3 views

CVE-2026-1905

6.4CVSS0.00043EPSS

Exploits0References3

ATTACKERKB•added 2026/02/14 6:42 a.m.•2 views

CVE-2026-1905

6.4CVSS5.7AI score0.00043EPSS

Exploits0References4

Vulnrichment•added 2026/02/14 6:42 a.m.•1 views

CVE-2026-1905 Sphere Manager <= 1.0.2 - Authenticated (Contributor+) Cross-Site Scripting via 'width' Shortcode Attribute

6.4CVSS5.7AI score0.00043EPSS

Exploits0References3

Positive Technologies•added 2026/02/14 12:0 a.m.•1 views

PT-2026-8080

The Sphere Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in the 'show sphere image' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00043EPSS

Exploits0References4

RedhatCVE•added 2026/02/12 1:43 p.m.•2 views

CVE-2026-1826

The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the orderqrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS5.8AI score0.00015EPSS

Exploits0References1

NVD•added 2026/02/11 9:15 a.m.•4 views

CVE-2026-1826

6.4CVSS0.00015EPSS

Exploits0References4

Cvelist•added 2026/02/11 8:26 a.m.•17 views

CVE-2026-1826 OpenPOS Lite <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00015EPSS

Exploits0References4

Vulnrichment•added 2026/02/11 8:26 a.m.•2 views

CVE-2026-1826 OpenPOS Lite <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS5.8AI score0.00015EPSS

Exploits0References4

CVE•added 2026/02/11 8:26 a.m.•9 views

CVE-2026-1826

CVE-2026-1826 affects the WordPress plugin OpenPOS Lite – Point of Sale for WooCommerce (versions up to 3.0). The issue is a Stored Cross-Site Scripting via the short code attribute width on the order_qrcode shortcode, caused by insufficient input sanitization and output escaping. Exploitation re...

6.4CVSS5.8AI score0.00015EPSS

Exploits0References4

Positive Technologies•added 2026/02/11 12:0 a.m.•3 views

PT-2026-7502

The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the order qrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible f...

6.4CVSS5.8AI score0.00015EPSS

Exploits0References4

RedhatCVE•added 2025/12/13 3:59 a.m.•1 views

CVE-2025-13846

The Easy Map Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

6.4CVSS5AI score0.00031EPSS

Exploits0References1

EUVD•added 2025/12/12 6:31 a.m.•1 views

EUVD-2025-202991

6.4CVSS4.7AI score0.00031EPSS

Exploits0References4

NVD•added 2025/12/12 4:15 a.m.•3 views

CVE-2025-13846

6.4CVSS0.00031EPSS

Exploits0References3

Cvelist•added 2025/12/12 3:20 a.m.•24 views

CVE-2025-13846 Easy Map Creator <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00031EPSS

Exploits0References3

CVE•added 2025/12/12 3:20 a.m.•5 views

CVE-2025-13846

CVE-2025-13846 concerns the Easy Map Creator WordPress plugin. It specifies a Stored Cross-Site Scripting (XSS) vulnerability via shortcode handling (notably the width attribute) affecting all versions up to and including 3.0.2. The issue requires an attacker to have at least Contributor-level ac...

6.4CVSS4.7AI score0.00031EPSS

Exploits0References3

Vulnrichment•added 2025/12/12 3:20 a.m.•1 views

CVE-2025-13846 Easy Map Creator <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS4.7AI score0.00031EPSS

Exploits0References3

Positive Technologies•added 2025/12/12 12:0 a.m.•1 views

PT-2025-50824

6.4CVSS5AI score0.00031EPSS

Exploits0References4

Rows per page