Lucene search
K

3512 matches found

Nuclei
Nuclei
added yesterday163 views

My Calendar WordPress Plugin - Information Disclosure

My Calendar WordPress plugin = 3.7.6 contains an injection vulnerability caused by unvalidated user input passed to parsestr in mcajaxmcjsaction endpoint, letting unauthenticated attackers access or crash sites via switchtoblog, exploit requires WordPress Multisite or Single Site setup. id:...

8.8CVSS6.1AI score0.00932EPSS
Exploits0References2
NVD
NVD
added 3 days ago6 views

CVE-2026-11591

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

4.4CVSS0.00251EPSS
Exploits0References10
NVD
NVD
added 3 days ago6 views

CVE-2026-11898

The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS0.00246EPSS
Exploits0References10
CVE
CVE
added 3 days ago14 views

CVE-2026-11591

CVE-2026-11591 affects the WordPress plugin Widgets for Google Reviews up to version 13.3. It is a Stored Cross‑Site Scripting (XSS) vulnerability triggered via admin settings, caused by insufficient input sanitization and output escaping in the parameters fomo-title and fomo-text . Exploitation ...

4.4CVSS6.2AI score0.00251EPSS
Exploits0References10
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-11591 Widgets for Google Reviews <= 13.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fomo-title' and 'fomo-text' Parameters

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

4.4CVSS0.00251EPSS
Exploits0References10
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-43150

The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS6.2AI score0.00246EPSS
Exploits0References10
CVE
CVE
added 3 days ago15 views

CVE-2026-11898

CVE-2026-11898 affects the White Label CMS WordPress plugin (all versions up to and including 2.7.12). It enables Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. Attack scenario: an authenticated attacker with administrator-level permissi...

4.4CVSS6.2AI score0.00246EPSS
Exploits0References10
NVD
NVD
added 3 days ago7 views

CVE-2026-3367

The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'App ID' setting in all versions up to, and including, 2.11.0. This is due to insufficient input sanitization and output escaping. The registersetting call on line 197 lacks a sanitiz...

4.4CVSS0.00256EPSS
Exploits0References14
CVE
CVE
added 3 days ago9 views

CVE-2026-3367

The CVE-2026-3367 entry concerns the WordPress plugin Lockme Cal­endars Integration (

4.4CVSS6.2AI score0.00256EPSS
Exploits0References14
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-3367 Lockme OAuth2 calendars integration <= 2.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'App ID' Setting

The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'App ID' setting in all versions up to, and including, 2.11.0. This is due to insufficient input sanitization and output escaping. The registersetting call on line 197 lacks a sanitiz...

4.4CVSS0.00256EPSS
Exploits0References14
NVD
NVD
added 4 days ago5 views

CVE-2026-15295

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.0019EPSS
Exploits0References2
CVE
CVE
added 4 days ago14 views

CVE-2026-15295

CVE-2026-15295 affects the WordPress Infinite Scroll – Ajax Load More plugin for WordPress, vulnerable in all versions up to 7.0.1 due to insufficient input sanitization and output escaping. Stored XSS can be triggered by authenticated attackers with administrator-level permissions (and above) vi...

4.4CVSS6.2AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43002

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6.2AI score0.0019EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-12108

The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00208EPSS
Exploits0References8
CVE
CVE
added 4 days ago7 views

CVE-2026-12108

The CVE-2026-12108 entry concerns the WordPress Highlighting Code Block plugin. Affected: the Highlighting Code Block plugin for WordPress (versions up to 2.2.0). Vulnerability: Stored Cross-Site Scripting via admin settings caused by insufficient input sanitization and output escaping. Impact: a...

4.4CVSS6.2AI score0.00208EPSS
Exploits0References8
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42841

The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS6.2AI score0.00208EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-15283 WPvivid Backup for MainWP <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00187EPSS
Exploits0References2
CVE
CVE
added 4 days ago9 views

CVE-2026-15283

The CVE pertains to the WPvivid Backup for MainWP WordPress plugin. A stored XSS flaw exists in admin settings across all versions up to 0.9.33 due to insufficient input sanitization and output escaping. This affects multi-site installations and sites where unfiltered_html is disabled, allowing a...

4.4CVSS6AI score0.00187EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-15283

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS6AI score0.00187EPSS
Exploits0References3
NVD
NVD
added 6 days ago7 views

CVE-2026-12041

The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00193EPSS
Exploits0References3
Rows per page
Query Builder