382 matches found
WordPress Spectra - WordPress Gutenberg Blocks plugin <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block vulnerability
WordPress Spectra - WordPress Gutenberg Blocks plugin = 2.12.8 - Authenticated Contributor+ Stored Cross-Site Scripting via Image Gallery Block vulnerability discovered by wesley wcraft in WordPress Plugin Spectra versions = 2.12.8...
WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multi Scroll Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Multi Scroll Widget vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...
WordPress Elementor Addon Elements plugin <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Twitter Widget vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions = 1.13.3...
WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Image Box Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...
WordPress Exclusive Addons for Elementor plugin <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid vulnerability
AuthenticatedContributor+ Stored Cross-Site Scripting via Post Grid vulnerability discovered by wesley wcraft in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.2...
WordPress EmbedPress plugin <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Youtube Block vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin EmbedPress versions = 3.9.14...
WordPress Colibri Page Builder plugin <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_video_player Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via colibrivideoplayer Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Colibri Page Builder versions = 1.0.276...
WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline vulnerability discovered by stealthcopter in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...
WordPress Essential Addons for Elementor plugin <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle vulnerability discovered by stealthcopter in WordPress Plugin Essential Addons for Elementor versions = 5.9.15...
WordPress Salient Shortcodes plugin <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Salient Shortcodes versions = 1.5.3...
WordPress Royal Elementor Addons and Templates plugin <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Back to Top Widget vulnerability discovered by wesley wcraft in WordPress Plugin Royal Elementor Addons versions = 1.3.975...
WordPress Premium Addons for Elementor plugin <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Fancy Text Widget vulnerability discovered by Webbernaut in WordPress Plugin Premium Addons for Elementor versions = 4.10.31...
WordPress Elementor Addon Elements plugin <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via id and eaeslideranimation Parameters vulnerability discovered by stealthcopter in WordPress Plugin Elementor Addon Elements versions = 1.13.5...
WordPress Essential Addons for Elementor plugin <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Several Widgets vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 5.9.19...
CVE-2026-1244 Forms Bridge <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
The Forms Bridge – Infinite integrations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in the 'financoopcampaign' shortcode in all versions up to, and including, 4.2.5. This is due to insufficient input sanitization and output escaping on the...
WordPress Simple Folio plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simple Folio versions = 1.1.1...
CVE-2026-1099 Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes
The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress Canto Testimonials plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fx' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'fx' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin Canto Testimonials versions = 1.0...
WordPress Schema & Structured Data for WP & AMP plugin <= 1.54 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Custom Schema vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via User Custom Schema vulnerability discovered by type5afe in WordPress Plugin Schema & Structured Data for WP & AMP versions = 1.54...
WordPress RSS Aggregator plugin <= 5.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wp-rss-aggregator Shortcode vulnerability discovered by zaim in WordPress Plugin WP RSS Aggregator versions = 5.0.10...