CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

263661 matches found

ATTACKERKB•added 2026/06/02 7:48 a.m.•7 views

CVE-2026-9599

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS5.7AI score0.00128EPSS

Exploits0References5

Vulnrichment•added 2026/06/02 7:48 a.m.•9 views

CVE-2026-9599 Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update

4.3CVSS5.7AI score0.00128EPSS

Exploits0References4

EUVD•added 2026/06/02 7:48 a.m.•11 views

EUVD-2026-33895

The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6AI score0.00246EPSS

Exploits0References9

Vulnrichment•added 2026/06/02 7:48 a.m.•9 views

CVE-2026-3620 Word Replacer <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Replacement' Parameter

4.4CVSS6AI score0.00246EPSS

Exploits0References9

EUVD•added 2026/06/02 7:48 a.m.•10 views

EUVD-2026-33894

4.3CVSS5.7AI score0.00128EPSS

Exploits0References4

ATTACKERKB•added 2026/06/02 7:48 a.m.•7 views

CVE-2026-3620

4.4CVSS6AI score0.00246EPSS

Exploits0References10

CVE•added 2026/06/02 7:48 a.m.•16 views

CVE-2026-9599

The CVE-2026-9599 entry describes a CSRF vulnerability in the WordPress Tectite Forms plugin (versions up to and including 1.3) caused by missing or incorrect nonce validation in admin_init. This allows unauthenticated attackers to modify plugin settings (e.g., tectite_forms_button) through forge...

4.3CVSS5.7AI score0.00128EPSS

Exploits0References4

CVE•added 2026/06/02 7:48 a.m.•20 views

CVE-2026-3620

CVE-2026-3620 – Word Replacer (WordPress) is vulnerable to Stored Cross-Site Scripting via the replacement parameter in all versions up to 0.4. The root cause is insufficient input sanitization and output escaping, allowing authenticated attackers with Administrator-level access and above to inje...

4.4CVSS6AI score0.00246EPSS

Exploits0References9

EUVD•added 2026/06/02 7:48 a.m.•14 views

EUVD-2026-33893

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS6AI score0.00181EPSS

Exploits0References3

CVE•added 2026/06/02 7:48 a.m.•15 views

CVE-2026-8885

The CVE-2026-8885 entry concerns the WordPress plugin DeMomentSomTres Shortcodes (versions

6.4CVSS6AI score0.00181EPSS

Exploits0References3

EUVD•added 2026/06/02 7:48 a.m.•12 views

EUVD-2026-33891

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'newdomain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00208EPSS

Exploits0References3

Vulnrichment•added 2026/06/02 7:48 a.m.•10 views

CVE-2026-2425 hiWeb Migration Simple <= 2.0.0.1 - Reflected Cross-Site Scripting via 'new_domain' Parameter

6.1CVSS6AI score0.00208EPSS

Exploits0References3

Vulnrichment•added 2026/06/02 7:48 a.m.•8 views

CVE-2026-8885 DeMomentSomTres Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS6AI score0.00181EPSS

Exploits0References3

ATTACKERKB•added 2026/06/02 7:48 a.m.•8 views

CVE-2026-2425

6.1CVSS6AI score0.00208EPSS

Exploits0References4

Cvelist•added 2026/06/02 7:48 a.m.•41 views

CVE-2026-2425 hiWeb Migration Simple <= 2.0.0.1 - Reflected Cross-Site Scripting via 'new_domain' Parameter

6.1CVSS0.00208EPSS

Exploits0References3

ATTACKERKB•added 2026/06/02 7:48 a.m.•9 views

CVE-2026-4080

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

6.4CVSS6AI score0.00243EPSS

Exploits0References16

Cvelist•added 2026/06/02 7:48 a.m.•37 views

CVE-2026-4080 Easy Cart <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00243EPSS

Exploits0References15

Vulnrichment•added 2026/06/02 7:48 a.m.•9 views

CVE-2026-4080 Easy Cart <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS6AI score0.00243EPSS

Exploits0References15

EUVD•added 2026/06/02 7:48 a.m.•12 views

EUVD-2026-33892

6.4CVSS6AI score0.00243EPSS

Exploits0References15

CVE•added 2026/06/02 7:48 a.m.•17 views

CVE-2026-4080

The CVE concerns the WordPress Easy Cart plugin (versions ≤ 1.8). The vulnerability is Stored Cross-Site Scripting via the add_to_cart shortcode attributes, due to insufficient input sanitization and output escaping in ectp_add_to_cart(). Specifically, sanitize_text_field() is applied to shortcod...

6.4CVSS6AI score0.00243EPSS

Exploits0References15

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by