CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

261187 matches found

CVE-2026-5714

The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘locationdir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

6.4CVSS

Exploits0References3

ATTACKERKB•added 11 hours ago•5 views

CVE-2026-7556

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.7AI score

Exploits0References7

CVE•added 11 hours ago•10 views

CVE-2026-7556

The FV Flowplayer Video Player plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in all versions up to 7.5.49.7212. The issue arises from insufficient input sanitization and output escaping in comment text, allowing unauthenticated attackers to inject web scrip...

7.2CVSS5.7AI score

Exploits0References6

Cvelist•added 11 hours ago•8 views

CVE-2026-5714 Enable Media Replace <= 4.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'location_dir' Parameter

6.4CVSS

Exploits0References3

Cvelist•added 11 hours ago•8 views

CVE-2026-7556 FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text

7.2CVSS

Exploits0References6

EUVD•added 11 hours ago•4 views

EUVD-2026-35292

7.2CVSS5.7AI score

Exploits0References6

EUVD•added 11 hours ago•4 views

EUVD-2026-35293

6.4CVSS5.7AI score

Exploits0References3

CVE•added 11 hours ago•9 views

CVE-2026-5714

The CVE-2026-5714 entry concerns the WordPress Enable Media Replace plugin. A stored cross-site scripting vulnerability exists via the location_dir parameter in all versions up to 4.1.8, caused by insufficient input sanitization and output escaping. This allows authenticated attackers with Author...

6.4CVSS5.7AI score

Exploits0References3

ATTACKERKB•added 11 hours ago•4 views

CVE-2026-5714

6.4CVSS5.7AI score

Exploits0References4

NVD•added 11 hours ago•10 views

CVE-2026-10862

The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...

6.4CVSS

Exploits0References2

Cvelist•added 12 hours ago•13 views

CVE-2026-10862 Accordions <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting via Accordion Body Field

6.4CVSS

Exploits0References2

CVE•added 12 hours ago•8 views

CVE-2026-10862

CVE-2026-10862 affects the WordPress plugin Accordions (versions up to and including 2.3.23). The root cause is insufficient input sanitization and output escaping in the Accordion body field, enabling authenticated attackers with Custom-level access or higher to perform Stored Cross-Site Scripti...

6.4CVSS5.7AI score

Exploits0References2

EUVD•added 12 hours ago•6 views

EUVD-2026-35290

6.4CVSS5.7AI score

Exploits0References2

ATTACKERKB•added 12 hours ago•3 views

CVE-2026-10862

6.4CVSS5.7AI score

Exploits0References3

Positive Technologies•added 13 hours ago•3 views

PT-2026-47685

The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the user-controlled tpf POST parameter before it is used in an include path in the recover exit functio...

8.1CVSS5.7AI score

Exploits0References8

Positive Technologies•added 13 hours ago•3 views

PT-2026-47724

The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes...

6.4CVSS5.7AI score

Exploits0References12

Positive Technologies•added 13 hours ago•4 views

PT-2026-47671

The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the epaperflip embed shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on the shortcode attribute whi...

6.4CVSS5.7AI score

Exploits0References4

Positive Technologies•added 13 hours ago•4 views

PT-2026-47639

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score

Exploits0References3

Positive Technologies•added 13 hours ago•3 views

PT-2026-47675

The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score

Exploits0References4

Positive Technologies•added 13 hours ago•4 views

PT-2026-47635

7.2CVSS5.7AI score

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by