CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

RedhatCVE•added 2026/05/13 2:21 p.m.•4 views

CVE-2026-6247

The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6AI score0.00032EPSS

Exploits0References1

NVD•added 2026/05/12 9:16 a.m.•6 views

CVE-2026-6247

6.4CVSS0.00032EPSS

Exploits0References3

Vulnrichment•added 2026/05/12 7:48 a.m.•2 views

CVE-2026-6247 scratchblocks for WP <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute

6.4CVSS6AI score0.00032EPSS

Exploits0References3

ATTACKERKB•added 2026/05/12 7:48 a.m.•2 views

CVE-2026-6247

6.4CVSS6AI score0.00032EPSS

Exploits0References4

CVE•added 2026/05/12 7:48 a.m.•4 views

CVE-2026-6247

The CVE concerns the WordPress plugin scratchblocks for WP (versions up to 1.0.1). It is vulnerable to a Stored Cross-Site Scripting (XSS) flaw via the 'element' attribute of the scratchblocks shortcode. Exploitation requires authenticated access at Contributor level or higher , and an attacker c...

6.4CVSS6AI score0.00032EPSS

Exploits0References3

Cvelist•added 2026/05/12 7:48 a.m.•30 views

CVE-2026-6247 scratchblocks for WP <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute

6.4CVSS0.00032EPSS

Exploits0References3

Positive Technologies•added 2026/05/12 12:0 a.m.•5 views

PT-2026-39957

6.4CVSS6AI score0.00032EPSS

Exploits0References4

CNNVD•added 2026/05/12 12:0 a.m.•3 views

WordPress plugin scratchblocks for WP 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

6.4CVSS5.9AI score0.00032EPSS

Exploits0References1

NVD•added 2026/05/07 12:16 p.m.•7 views

CVE-2026-8080

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

6.8CVSS0.00029EPSS

Exploits0References1

Cvelist•added 2026/05/07 12:7 p.m.•28 views

CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type

6.8CVSS0.00029EPSS

Exploits0References1

Vulnrichment•added 2026/05/07 12:7 p.m.•5 views

CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type

6.8CVSS5.8AI score0.00029EPSS

Exploits0References1

NVD•added 2025/12/03 3:15 a.m.•2 views

CVE-2025-13448

The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00037EPSS

Exploits0References4

EUVD•added 2025/12/03 2:25 a.m.•3 views

EUVD-2025-200724

6.4CVSS4.7AI score0.00037EPSS

Exploits0References5

Cvelist•added 2025/12/03 2:25 a.m.•15 views

CVE-2025-13448 CSSIgniter Shortcodes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute

6.4CVSS0.00037EPSS

Exploits0References4

CVE•added 2025/12/03 2:25 a.m.•9 views

CVE-2025-13448

CVE-2025-13448: CSSIgniter Shortcodes for WordPress is vulnerable to Stored XSS via the element shortcode attribute in versions up to 2.4.1. Exploitation requires Contributor+ access; an attacker can inject scripts on pages viewed by users. Wordfence has patched the issue in 2.4.1—update to 2.4.1...

6.4CVSS4.7AI score0.00037EPSS

Exploits0References4

Positive Technologies•added 2025/12/03 12:0 a.m.•2 views

PT-2025-48788

6.4CVSS5AI score0.00037EPSS

Exploits0References5

Patchstack•added 2025/12/02 9:27 p.m.•4 views

WordPress CSSIgniter Shortcodes plugin <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'element' Shortcode Attribute vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CSSIgniter Shortcodes versions = 2.4.1...

6.4CVSS5.5AI score0.00037EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/05/22 5:16 p.m.•1 views

CVE-2020-0138

In getelementattrrsp of btifrc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if bluetoothtbd were used, which it isn't in typical Android platforms, with no additional execution privileges needed. User interaction is not needed...

9.8CVSS8.1AI score0.0552EPSS

Exploits0References1

Positive Technologies•added 2024/05/03 12:0 a.m.•3 views

PT-2024-25903 · Vditor · Vditor

Name of the Vulnerable Software and Affected Versions: Vditor version 3.10.3 Description: The issue allows XSS via an attribute of an A element. The vendor indicates that a user is supposed to mitigate this via sanitize=true. Recommendations: For Vditor version 3.10.3, to mitigate the issue, set...

6.1CVSS6AI score0.00193EPSS

Exploits1References9

RedHat Linux•added 2023/10/17 2:1 p.m.•2 views

python-reportlab: code injection in paraparser.py allows code execution

A code injection vulnerability was found in python-reportlab that may allow an attacker to execute code while parsing a unichar element attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable and could allow remote code execution...

9.8CVSS6.2AI score0.09484EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by