Lucene search
K

9 matches found

NVD
NVD
added 2026/06/17 1:21 p.m.8 views

CVE-2026-7850

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks...

5.9CVSS0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 6:0 a.m.27 views

CVE-2026-7850 WP Magnific Popup <= 1.0 - Author+ Stored XSS via href Attribute

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks...

0.0014EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Happy Addons for Elementor plugin <= 3.12.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Happy Addons for Elementor versions = 3.12.2...

6.4CVSS5.3AI score0.00292EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.4 views

WordPress Shortcodes Ultimate plugin <= 7.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Shortcodes Ultimate versions = 7.4.2...

6.4CVSS5.3AI score0.00292EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Carousel Slider plugin <= 2.2.14 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Carousel Slider versions = 2.2.14...

6.4CVSS5.3AI score0.00292EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress OceanWP theme <= 3.6.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Theme OceanWP versions = 3.6.0...

6.4CVSS5.3AI score0.00292EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Divi Builder plugin <= 4.27.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Divi Builder versions = 4.27.1...

6.4CVSS5.3AI score0.00292EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Divi theme <= 4.27.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Theme Divi versions = 4.27.1...

6.4CVSS5.3AI score0.00292EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Supreme Modules Lite plugin <= 2.5.52 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Supreme Modules Lite versions = 2.5.52...

6.4CVSS5.3AI score0.00292EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder