Lucene search
K

382 matches found

Patchstack
Patchstack
added 2026/02/02 8:8 p.m.8 views

WordPress Spectra - WordPress Gutenberg Blocks plugin <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block vulnerability

WordPress Spectra - WordPress Gutenberg Blocks plugin = 2.12.8 - Authenticated Contributor+ Stored Cross-Site Scripting via Image Gallery Block vulnerability discovered by wesley wcraft in WordPress Plugin Spectra versions = 2.12.8...

6.4CVSS5.2AI score0.00265EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 7:55 p.m.10 views

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multi Scroll Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multi Scroll Widget vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

6.4CVSS7.1AI score0.00423EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 7:41 p.m.8 views

WordPress Elementor Addon Elements plugin <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Twitter Widget vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions = 1.13.3...

5.4CVSS5.2AI score0.00322EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 7:28 p.m.8 views

WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Box Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...

6.4CVSS8.3AI score0.00423EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 2:36 p.m.7 views

WordPress Exclusive Addons for Elementor plugin <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Post Grid vulnerability discovered by wesley wcraft in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.2...

6.4CVSS5.3AI score0.00434EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 12:54 p.m.8 views

WordPress EmbedPress plugin <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Youtube Block vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin EmbedPress versions = 3.9.14...

6.4CVSS5.3AI score0.00323EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 12:44 p.m.6 views

WordPress Colibri Page Builder plugin <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_video_player Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via colibrivideoplayer Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Colibri Page Builder versions = 1.0.276...

6.4CVSS5.3AI score0.00263EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 9:26 a.m.7 views

WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline vulnerability discovered by stealthcopter in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...

6.4CVSS5.3AI score0.00548EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 9:21 a.m.8 views

WordPress Essential Addons for Elementor plugin <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle vulnerability discovered by stealthcopter in WordPress Plugin Essential Addons for Elementor versions = 5.9.15...

6.4CVSS5.2AI score0.00557EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 9:19 a.m.8 views

WordPress Salient Shortcodes plugin <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Salient Shortcodes versions = 1.5.3...

6.4CVSS5.3AI score0.00267EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 9:10 a.m.7 views

WordPress Royal Elementor Addons and Templates plugin <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Back to Top Widget vulnerability discovered by wesley wcraft in WordPress Plugin Royal Elementor Addons versions = 1.3.975...

6.4CVSS5.4AI score0.00324EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 9:3 a.m.7 views

WordPress Premium Addons for Elementor plugin <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Fancy Text Widget vulnerability discovered by Webbernaut in WordPress Plugin Premium Addons for Elementor versions = 4.10.31...

6.4CVSS5.3AI score0.00332EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 9:1 a.m.6 views

WordPress Elementor Addon Elements plugin <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via id and eaeslideranimation Parameters vulnerability discovered by stealthcopter in WordPress Plugin Elementor Addon Elements versions = 1.13.5...

6.4CVSS5.3AI score0.0031EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 8:59 a.m.6 views

WordPress Essential Addons for Elementor plugin <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Several Widgets vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 5.9.19...

6.4CVSS5.2AI score0.00343EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/28 6:43 a.m.5 views

CVE-2026-1244 Forms Bridge <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The Forms Bridge – Infinite integrations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in the 'financoopcampaign' shortcode in all versions up to, and including, 4.2.5. This is due to insufficient input sanitization and output escaping on the...

6.4CVSS6AI score0.00251EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/28 1:35 a.m.10 views

WordPress Simple Folio plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simple Folio versions = 1.1.1...

6.4CVSS5.9AI score0.00281EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.6 views

CVE-2026-1099 Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes

The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00232EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/24 5:43 a.m.7 views

WordPress Canto Testimonials plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fx' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'fx' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin Canto Testimonials versions = 1.0...

6.4CVSS5.4AI score0.0025EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/23 7:44 a.m.7 views

WordPress Schema & Structured Data for WP & AMP plugin <= 1.54 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Custom Schema vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via User Custom Schema vulnerability discovered by type5afe in WordPress Plugin Schema & Structured Data for WP & AMP versions = 1.54...

6.4CVSS5.4AI score0.0024EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/23 7:39 a.m.7 views

WordPress RSS Aggregator plugin <= 5.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wp-rss-aggregator Shortcode vulnerability discovered by zaim in WordPress Plugin WP RSS Aggregator versions = 5.0.10...

6.4CVSS5.4AI score0.00232EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder