CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

Vulnrichment•added 2026/04/08 4:27 a.m.•1 views

CVE-2026-3600 Investi <= 1.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute

The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion' shortcode's 'maximum-num-years' attribute in all versions up to, and including, 1.0.26. This is due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS6.1AI score0.00015EPSS

Exploits0References6

CVE•added 2026/04/08 4:27 a.m.•8 views

CVE-2026-3600

The CVE concerns the WordPress plugin Investi . It is vulnerable to Stored Cross-Site Scripting via the shortcode attribute maximum-num-years in the investi-announcements-accordion shortcode, affecting versions up to and including 1.0.26 . The root cause is insufficient input sanitization and out...

6.4CVSS6.1AI score0.00015EPSS

Exploits0References6

Positive Technologies•added 2026/04/08 12:0 a.m.•4 views

PT-2026-31076

Name of the Vulnerable Software and Affected Versions Investi plugin for WordPress versions up to and including 1.0.26 Description The Investi plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'maximum-num-years' attribute of the 'investi-announcements-accordion'...

6.4CVSS5.9AI score0.00015EPSS

Exploits0References11

Patchstack•added 2026/04/07 11:19 p.m.•3 views

WordPress Investi plugin <= 1.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Investi versions = 1.0.26...

6.4CVSS5.9AI score0.00015EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by