
74 matches found

NVD
added 2026/03/21 4:16 a.m. | views: 1

CVE-2026-1278

The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

CVSS: 4.4 | EPSS: 0.00034
Exploits: 0 | References: 5

Vulnrichment
added 2026/03/21 3:27 a.m. | views: 1

CVE-2026-1278 Mandatory Field <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields

The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

CVSS: 4.4 | AI score: 5.9 | EPSS: 0.00034
Exploits: 0 | References: 5

CVE
added 2026/03/21 3:27 a.m. | views: 4

CVE-2026-2837

The CVE-2026-2837 entry describes a Stored Cross-Site Scripting vulnerability in the Ricerca – advanced search WordPress plugin up to version 1.1.12. The issue arises from insufficient input sanitization and output escaping in the plugin’s settings, allowing authenticated users with administrator...

CVSS: 4.4 | AI score: 5.9 | EPSS: 0.00033
Exploits: 0 | References: 2

Cvelist
added 2026/03/21 3:26 a.m. | views: 25

CVE-2026-1247 Survey <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above,...

CVSS: 4.4 | EPSS: 0.00034
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/20 12:0 a.m. | views: 3

PT-2026-26585

Name of the Vulnerable Software and Affected Versions: CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress versions through 1.2.7
Description: The plugin is susceptible to Stored Cross-Site Scripting through admin settings due to inadequate input sanitization and...

CVSS: 4.4 | AI score: 5.9 | EPSS: 0.0001
Exploits: 0 | References: 7

Positive Technologies
added 2026/03/07 12:0 a.m. | views: 5

PT-2026-23819

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

CVSS: 4.8 | AI score: 5.9 | EPSS: 0.00029
Exploits: 0 | References: 5

RedhatCVE
added 2026/02/15 7:10 a.m. | views: 6

CVE-2026-2027

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVSS: 4.4 | AI score: 5.7 | EPSS: 0.00042
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/25 9:16 a.m. | views: 10

CVE-2026-1302

The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions a...

CVSS: 4.4 | AI score: 5.7 | EPSS: 0.00046
Exploits: 1 | References: 1

Vulnrichment
added 2026/01/24 9:8 a.m. | views: 3

CVE-2026-1300 Responsive Header Plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters

The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple plugin settings parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 4.4 | AI score: 5.9 | EPSS: 0.00055
Exploits: 0 | References: 5

Cvelist
added 2026/01/24 7:26 a.m. | views: 30

CVE-2026-1084 Cookie consent for developers <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 4.4 | EPSS: 0.00015
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/15 6:21 a.m. | views: 2

CVE-2026-0680

The Real Post Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS: 4.4 | AI score: 5 | EPSS: 0.00019
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/14 5:28 a.m. | views: 2

CVE-2025-15486 Kunze Law <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...

CVSS: 4.4 | AI score: 4.8 | EPSS: 0.00019
Exploits: 0 | References: 3

Cvelist
added 2026/01/07 9:21 a.m. | views: 23

CVE-2025-14057 Multi-column Tag Map <= 17.0.39 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mctm_css_conditional' Parameter

The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 17.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS: 4.4 | EPSS: 0.00005
Exploits: 0 | References: 4

Cvelist
added 2026/01/07 9:21 a.m. | views: 25

CVE-2025-13974 Email Customizer for WooCommerce | Drag and Drop Email Templates Builder <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content

The Email Customizer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email template content in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 4.4 | EPSS: 0.00006
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/07 9:12 a.m. | views: 2

CVE-2024-2657

The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS: 4.4 | AI score: 5 | EPSS: 0.00288
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/20 12:0 a.m. | views: 4

PT-2025-52545

Name of the Vulnerable Software and Affected Versions: Amazon affiliate lite Plugin versions prior to 1.0.1
Description: The “Amazon affiliate lite Plugin” for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow...

CVSS: 4.4 | AI score: 5.3 | EPSS: 0.0002
Exploits: 0 | References: 7

Cvelist
added 2025/12/12 7:20 a.m. | views: 29

CVE-2025-4970 BSK PDF Manager <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload

The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access an...

CVSS: 5.5 | EPSS: 0.00006
Exploits: 0 | References: 3

Cvelist
added 2025/12/12 3:20 a.m. | views: 28

CVE-2025-14035 DebateMaster <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Color Options via 'debate' Shortcode

The DebateMaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color options in the plugin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 4.4 | EPSS: 0.00032
Exploits: 0 | References: 6

Positive Technologies
added 2025/12/12 12:0 a.m. | views: 5

PT-2025-50840

The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api token' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS: 4.4 | AI score: 5 | EPSS: 0.00026
Exploits: 0 | References: 5

RedhatCVE
added 2025/11/13 7:43 a.m. | views: 2

CVE-2025-12018

The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 4.4 | AI score: 4.8 | EPSS: 0.00031
Exploits: 0 | References: 1