
1116630 matches found

CVE, added 2 hours ago, 5 views

CVE-2026-12732

The LearnPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'classwrapperform' shortcode attribute in versions up to, and including, 4.4.0. This is due to insufficient input sanitization and output escaping in the FilterCourseTemplate::sections method at line 98, wher...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 4

CVE, added 4 hours ago, 6 views

CVE-2026-11570

Summary (CVE-2026-11570): The WordPress plugin User Submitted Posts (pre-20260608) does not escape a submitted value before rendering it in an admin-configured display template, causing a stored XSS flaw. The issue can be triggered by unauthenticated users when a non-default display option is ena...

AI score 5.7
Exploits: 0, References: 1

CVE, added 5 hours ago, 3 views

CVE-2026-11380

The CVE-2026-11380 entry concerns the WordPress plugin JetWidgets For Elementor. Affected: JetWidgets For Elementor (WordPress) versions up to and including 1.0.21. Vulnerability: Stored Cross-Site Scripting due to insufficient output escaping and missing server-side validation of the Animated Bo...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 2

EUVD, added 5 hours ago, 2 views

EUVD-2026-40909

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due to insufficient output escaping and missing server-side validation of the Animated Box widget's animationeffect setting before it is rendered inside a...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 2

CVE, added 5 hours ago, 7 views

CVE-2026-2387

The CVE-2026-2387 entry concerns the WordPress Event Organiser plugin (versions up to and including 3.12.9). The vulnerability is a Stored Cross-Site Scripting flaw in the eo_events shortcode: attacker-controlled no_events content is rendered in event list templates without output escaping, allow...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 2

CVE, added 5 hours ago, 5 views

CVE-2026-7517

The CVE-2026-7517 entry concerns the Custom Payment Gateways for WooCommerce WordPress plugin. It is vulnerable to Stored Cross-Site Scripting via the alg_wc_cpg_input_fields parameter in all versions up to 2.1.0 due to insufficient input sanitization and output escaping. Exploitation is possible...

CVSS 7.2, AI score 5.9
Exploits: 0, References: 8

CVE, added 6 hours ago, 6 views

CVE-2026-58519

CVE-2026-58519 describes a Stored XSS in The Wikimedia Foundation MediaWiki Cargo Extension caused by improper neutralization of input during web page generation. Affected software is MediaWiki Cargo Extension prior to version 3.9.1. The connected sources confirm the vulnerability and its scope ...

CVSS 6.9, AI score 5.8
Exploits: 0, References: 2

EUVD, added 6 hours ago, 3 views

EUVD-2026-40901

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from before 3.9.1...

CVSS 6.9, AI score 5.8
Exploits: 0, References: 2

CVE, added 6 hours ago, 6 views

CVE-2026-12135

The CVE-2026-12135 entry concerns the FV Flowplayer Video Player plugin for WordPress. Affected versions are all releases up to 7.5.51.7212, where a Stored Cross-Site Scripting vulnerability exists in the video_player shortcode align attribute due to insufficient input sanitization and output esc...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 6

EUVD, added 6 hours ago, 3 views

EUVD-2026-40899

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'video_player' shortcode 'align' attribute in all versions up to, and including, 7.5.51.7212 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 6

CVE, added 6 hours ago, 8 views

CVE-2026-13015

The CVE-2026-13015 entry applies to the WordPress plugin “Wp Google Places Review Slider” (versions up to and including 18.1). The vulnerability is a Reflected Cross-Site Scripting (XSS) in admin/partials/googlecrawl_dfs.php via the 'place' GET parameter. The value from $_GET['place'] is URL-deco...

CVSS 6.1, AI score 5.9
Exploits: 0, References: 5

EUVD, added 6 hours ago, 4 views

EUVD-2026-40896

The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, 18.1. This is due to insufficient input sanitization and output escaping in admin/partials/googlecrawl_dfs.php, where the $_GET['place']...

CVSS 6.1, AI score 5.9
Exploits: 0, References: 5

CVE, added 6 hours ago, 3 views

CVE-2026-13443

The CVE-2026-13443 entry concerns the WordPress plugin Tutor LMS (eLearning and online course solution). Affected: all versions up to and including 3.9.13. Issue: Stored Cross-Site Scripting via the Lesson Attachment Title due to insufficient input sanitization and output escaping. Impact: authen...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 8

CVE, added 6 hours ago, 5 views

CVE-2026-9107

The CVE-2026-9107 entry concerns the Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin. A Stored Cross-Site Scripting vulnerability exists via the meta[kaliforms_field_components] parameter in all versions up to 2.4.13, caused by insufficient input sanitization and output escapin...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 10

EUVD, added 6 hours ago, 3 views

EUVD-2026-40893

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title in all versions up to, and including, 3.9.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 8

EUVD, added 6 hours ago, 3 views

EUVD-2026-40891

The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'meta[kaliforms_field_components]' parameter in all versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 10

CVE, added 6 hours ago, 4 views

CVE-2026-13731

CVE-2026-13731 affects the WPBot – AI ChatBot for WordPress plugin (versions up to and including 8.4.9). The vulnerability is a stored Cross‑Site Scripting (XSS) via the conversation parameter caused by insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbi...

CVSS 7.2, AI score 5.9
Exploits: 0, References: 7

EUVD, added 6 hours ago, 4 views

EUVD-2026-40889

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible f...

CVSS 7.2, AI score 5.9
Exploits: 0, References: 7

CVE, added 6 hours ago, 4 views

CVE-2026-13246

The CVE concerns GiveWP – Donation Plugin and Fundraising Platform for WordPress (up to version 4.16.0). A Stored XSS exists in the givewp_campaign_comments shortcode (block_id and similar attributes) due to insufficient sanitization and escaping in CampaignCommentsShortcode::parseAttributes() an...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 12

EUVD, added 9 hours ago, 5 views

EUVD-2026-40444

n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0; fixed in 1.123.27, 2.13.3, and 2.14.1. An authenticat...

CVSS 5.4, AI score 5.6
Exploits: 0, References: 3