Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3423 matches found

ATTACKERKB
ATTACKERKBadded 2026/04/22 7:45 a.m.1 views

CVE-2026-1845

The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

5.5CVSS5.8AI score0.0001EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/22 7:45 a.m.3 views

CVE-2026-1845 Real Estate Pro <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings

The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

5.5CVSS5.8AI score0.0001EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/04/22 7:45 a.m.19 views

CVE-2026-1379 HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Headers' Plugin Setting

The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS0.00009EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/22 7:45 a.m.1 views

CVE-2026-1379

The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS5.8AI score0.00009EPSS
Exploits0References4
CVE
CVEadded 2026/04/22 7:45 a.m.2 views

CVE-2026-1379

The CVE-2026-1379 entry concerns the WordPress HTTP Headers plugin. It describes a Stored Cross-Site Scripting vulnerability in admin settings for all versions up to and including 1.19.2, caused by insufficient input sanitization and output escaping. Exploitation requires an authenticated attacke...

4.4CVSS5.8AI score0.00009EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/22 7:45 a.m.1 views

CVE-2026-1379 HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Headers' Plugin Setting

The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS5.8AI score0.00009EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/04/22 12:0 a.m.0 views

PT-2026-34273

Name of the Vulnerable Software and Affected Versions Private WP suite versions prior to 0.4.2 Description The Private WP suite plugin for WordPress contains a Stored Cross-Site Scripting issue within the 'Exceptions' setting. This occurs because of insufficient input sanitization and output...

4.4CVSS5.9AI score0.00011EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/04/22 12:0 a.m.1 views

PT-2026-34271

The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00011EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/04/22 12:0 a.m.0 views

PT-2026-34277

Name of the Vulnerable Software and Affected Versions Short Comment Filter versions prior to 2.3 Description The Short Comment Filter plugin for WordPress contains a Stored Cross-Site Scripting issue. The problem exists because the 'Minimum Count' settings field lacks proper input sanitization an...

4.4CVSS5.9AI score0.00026EPSS
Exploits0References12
Positive Technologies
Positive Technologiesadded 2026/04/22 12:0 a.m.2 views

PT-2026-34268

Name of the Vulnerable Software and Affected Versions HTTP Headers plugin for WordPress versions prior to 1.19.3 Description Insufficient input sanitization and output escaping in admin settings allow authenticated attackers with administrator-level permissions and above to perform Stored...

4.4CVSS6AI score0.00009EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/04/22 12:0 a.m.1 views

PT-2026-34269

Name of the Vulnerable Software and Affected Versions Real Estate Pro versions prior to 1.1.0 Description The Real Estate Pro plugin for WordPress contains a Stored Cross-Site Scripting issue within the admin settings. This occurs because of insufficient input sanitization and output escaping,...

5.5CVSS5.9AI score0.0001EPSS
Exploits0References5
NVD
NVDadded 2026/04/21 7:16 a.m.0 views

CVE-2026-6712

The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS0.00031EPSS
Exploits0References2
EUVD
EUVDadded 2026/04/21 6:43 a.m.1 views

EUVD-2026-24072

The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS5.8AI score0.00031EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/04/21 6:43 a.m.24 views

CVE-2026-6712 Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS0.00031EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/21 6:43 a.m.1 views

CVE-2026-6712

The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS5.8AI score0.00031EPSS
Exploits0References3
CVE
CVEadded 2026/04/21 6:43 a.m.7 views

CVE-2026-6712

CVE-2026-6712 describes a Stored Cross-Site Scripting vulnerability in the Website LLMs.txt WordPress plugin. The flaw affects versions up to 8.2.6 and arises from insufficient input sanitization and output escaping in admin settings, enabling authenticated attackers with administrator-level (or ...

4.4CVSS5.8AI score0.00031EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/21 6:43 a.m.1 views

CVE-2026-6712 Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS5.8AI score0.00031EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/21 12:0 a.m.0 views

PT-2026-33921

Name of the Vulnerable Software and Affected Versions LLMs.txt plugin for WordPress versions prior to 8.2.7 Description The plugin is subject to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in admin settings. Authenticated attackers with administrator-lev...

4.4CVSS5.4AI score0.00031EPSS
Exploits0References5
NVD
NVDadded 2026/04/20 7:16 a.m.0 views

CVE-2024-7083

The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00031EPSS
Exploits0References1
CVE
CVEadded 2026/04/20 6:0 a.m.6 views

CVE-2024-7083

The CVE-2024-7083 issue affects the WordPress Email Encoder (Email Encoder Bundle) plugin, prior to version 2.3.4. Root cause: insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in mul...

3.5CVSS5.7AI score0.00031EPSS
Exploits0References1
Rows per page
Query Builder