Lucene search
K

2550 matches found

NVD
NVD
added 2 days ago8 views

CVE-2025-6784

The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated...

8.8CVSS0.00483EPSS
Exploits0References2
CVE
CVE
added 2 days ago14 views

CVE-2026-1382

The CVE-2026-1382 entry covers the WordPress plugin “fresh Podcaster” up to version 1.0.7. The vulnerability is a Stored Cross-Site Scripting (stored XSS) flaw in the freshpodcaster shortcode attributes, caused by insufficient input sanitization and output escaping on user-supplied data. Impact i...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago8 views

EUVD-2025-210455

The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated...

8.8CVSS6.3AI score0.00483EPSS
Exploits0References2
NVD
NVD
added 2 days ago7 views

CVE-2026-15096

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'bwidthmap' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS0.00193EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43142

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumtooltiptext' parameter in all versions up to, and including, 4.11.84 due to insufficient input sanitization and output escaping. This makes i...

4.9CVSS6.2AI score0.00193EPSS
Exploits0References5
CVE
CVE
added 2 days ago8 views

CVE-2025-13968

The CVE concerns the WordPress plug-in Starboard Suite Reservation Calendars (WordPress). It is vulnerable to Stored Cross-Site Scripting via the [starboard-suite-lightbox] shortcode attributes in all versions up to and including 3.1.4 due to insufficient input sanitization and output escaping. T...

6.4CVSS6.2AI score0.00201EPSS
Exploits0References6
CVE
CVE
added 2 days ago9 views

CVE-2026-15096

The CVE concerns the Themify Builder WordPress plugin. A Stored Cross-Site Scripting (XSS) flaw exists in the Map Module’s b_width_map field across all versions up to 7.7.6, caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or hig...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
CVE
CVE
added 2 days ago10 views

CVE-2026-13116

CVE-2026-13116 affects the PDF Invoices & Packing Slips for WooCommerce plugin (WordPress) ≤ 5.14.0. Issue: Insecure Direct Object Reference via generate_document_shortcode caused by missing validation on a user-controlled key. Consequence: authenticated attackers with contributor+ access can min...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2 days ago11 views

PT-2026-57392

Name of the Vulnerable Software and Affected Versions Themify Builder versions prior to 7.7.7 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts...

6.4CVSS6.2AI score0.00201EPSS
Exploits0References9
CVE
CVE
added 3 days ago15 views

CVE-2026-13247

CVE-2026-13247 affects the WordPress plugin Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase (versions up to 5.5). The vulnerability is a stored cross-site scripting via the lgx_tooltip_position parameter caused by insufficient input sanitization and output escaping. Exploitation ...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-13247

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References6
CVE
CVE
added 3 days ago9 views

CVE-2026-13710

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress is affected by a Stored Cross-Site Scripting vulnerability in the Image Box widget’s sg_body_description parameter, affecting versions up to 3.2.6. The issue stems from insufficient input sanitization and...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-42861

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sgbodydescription' parameter in versions up to, and including, 3.2.6. This is due to insufficient input...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-13710 Jeg Kit for Elementor <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sg_body_description' Parameter via 'jkit_image_box' Shortcode/Widget

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sgbodydescription' parameter in versions up to, and including, 3.2.6. This is due to insufficient input...

6.4CVSS0.00206EPSS
Exploits0References8
CVE
CVE
added 3 days ago7 views

CVE-2026-12924

Eventin WordPress plugin (WP Event Solution) ≤ 4.1.15 is vulnerable to Stored Cross‑Site Scripting via the etn_faq_content parameter due to insufficient input sanitization and output escaping. Exploitation requires contributor‑level authentication or higher, enabling injection of scripts that exe...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42843

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-3907 Hostel <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wphostel-book' Shortcode

The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode...

6.4CVSS0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-12924 Eventin <= 4.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'etn_faq_content' Parameter

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS0.00206EPSS
Exploits0References8
NVD
NVD
added 3 days ago10 views

CVE-2026-15301

The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00156EPSS
Exploits0References2
CVE
CVE
added 3 days ago6 views

CVE-2026-15301

The CVE-2026-15301 entry affects the BuddyHolis TableSearch plugin for WordPress. All versions up to and including 1.1.0 are vulnerable to Stored Cross-Site Scripting via the placeholder parameter due to insufficient input sanitization and output escaping. The vulnerability allows authenticated a...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References2
Rows per page
Query Builder