Lucene search
K

1111109 matches found

ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-7796

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping...

6.4CVSS
Exploits0References12
CVE
CVE
added 1 hour ago3 views

CVE-2026-7796 EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping...

6.4CVSS
Exploits0References11
Cvelist
Cvelist
added 1 hour ago2 views

CVE-2026-7796 EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping...

6.4CVSS
Exploits0References11
CVE
CVE
added 1 hour ago3 views

CVE-2026-7795 Click to Chat <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'num' Shortcode Parameter

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 1 hour ago1 views

CVE-2026-7795

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS
Exploits0References12
Cvelist
Cvelist
added 1 hour ago2 views

CVE-2026-9280 Ad Inserter <= 2.8.15 - Reflected Cross-Site Scripting via URL Parameters in iframe Mode

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 1 hour ago1 views

CVE-2026-8991

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dragndroptext' and 'dragndropbrowsetext' Settings in all versions up to, and including, 1.3.9.7 due to insufficient input sanitization and output escaping. This makes i...

4.4CVSS
Exploits0References9
CVE
CVE
added 1 hour ago2 views

CVE-2026-8991 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_text' Settings

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dragndroptext' and 'dragndropbrowsetext' Settings in all versions up to, and including, 1.3.9.7 due to insufficient input sanitization and output escaping. This makes i...

4.4CVSS
Exploits0References8
Cvelist
Cvelist
added 1 hour ago2 views

CVE-2026-8991 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_text' Settings

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dragndroptext' and 'dragndropbrowsetext' Settings in all versions up to, and including, 1.3.9.7 due to insufficient input sanitization and output escaping. This makes i...

4.4CVSS
Exploits0References8
NVD
NVD
added 1 hour ago4 views

CVE-2026-9281

The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jtlmacustomjs' Page Setting Custom JS Extension in all versions up to, and including, 3.1.0 due to insufficient input...

6.4CVSS
Exploits0References8
NVD
NVD
added 1 hour ago3 views

CVE-2026-8438

The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the getrestroute function and missing output escaping in the columndefault method of the...

7.2CVSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2 hours ago2 views

CVE-2026-8901

The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This make...

7.2CVSS
Exploits0References11
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-8901 Integration for Freshsales <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Form Submission Data

The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This make...

7.2CVSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2 hours ago1 views

CVE-2026-8438

The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the getrestroute function and missing output escaping in the columndefault method of the...

7.2CVSS
Exploits0References11
CVE
CVE
added 2 hours ago6 views

CVE-2026-8901

CVE-2026-8901 affects the WordPress plugin “Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More.” It is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to 1.0.15, caused by insufficient input sanitization and output escapin...

7.2CVSS5.7AI score
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2 hours ago1 views

CVE-2026-9281

The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jtlmacustomjs' Page Setting Custom JS Extension in all versions up to, and including, 3.1.0 due to insufficient input...

6.4CVSS
Exploits0References9
CVE
CVE
added 2 hours ago6 views

CVE-2026-9281

The CVE-2026-9281 affects the WordPress plugin Master Addons For Elementor (Widgets/Extensions/Theme Builder/Popup Builder & Template Kits). Vulnerable component: the jtlma_custom_js (Custom JS Extension) page-setting storage, where insufficient input sanitization and output escaping allow a stor...

6.4CVSS5.7AI score
Exploits0References8
RedhatCVE
RedhatCVE
added 2 hours ago5 views

CVE-2026-38579

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

5.6AI score
Exploits1References1
RedhatCVE
RedhatCVE
added 2 hours ago2 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.4AI score0.00025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2 hours ago3 views

CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS5.4AI score0.00031EPSS
Exploits0References1
Rows per page
Query Builder