CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/02/19 4:36 a.m.•2 views

CVE-2026-1055 TalkJS <= 0.1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter

The TalkJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS5.6AI score0.00038EPSS

Cvelist•added 2026/02/19 4:36 a.m.•23 views

CVE-2026-1055 TalkJS <= 0.1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter

4.4CVSS0.00038EPSS

CVE•added 2026/02/19 4:36 a.m.•5 views

CVE-2026-1055

CVE-2026-1055 relates to the TalkJS WordPress plugin and is a stored XSS vulnerability in admin settings (notably the welcomeMessage parameter) present in versions up to 0.1.15. Exploitation requires administrator-level access and affects multi-site installs or sites with unfiltered_html disabled...

4.4CVSS5.7AI score0.00038EPSS

CVE•added 2026/02/19 4:36 a.m.•11 views

CVE-2026-1044

CVE-2026-1044 concerns the WordPress plugin Tennis Court Bookings (

Vulnrichment•added 2026/02/19 4:36 a.m.•2 views

CVE-2026-2282 Slidorion <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Slidorion Settings

4.4CVSS5.7AI score0.00032EPSS

Exploits0References3

Positive Technologies•added 2026/02/19 12:0 a.m.•5 views

PT-2026-20633

Positive Technologies•added 2026/02/19 12:0 a.m.•3 views

PT-2026-20639

Name of the Vulnerable Software and Affected Versions Slidorion versions up to and including 1.0.2 Description The Slidorion plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticated attackers...

4.4CVSS5.3AI score0.00032EPSS

NVD•added 2026/02/18 10:16 a.m.•3 views

CVE-2025-13727

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

4.4CVSS0.00011EPSS

ATTACKERKB•added 2026/02/18 9:25 a.m.•1 views

CVE-2025-13727

CVE•added 2026/02/18 9:25 a.m.•8 views

Exploits0References7

CVE-2025-13727

CVE-2025-13727 affects Video Share VOD – Turnkey Video Site Builder Script (WordPress) up to version 2.7.11. It is a Stored XSS via plugin settings exploitable by authenticated editors or higher, with impact on multi-site installs and when unfiltered_html is disabled. Wordfence and related source...

Cvelist•added 2026/02/18 9:25 a.m.•28 views

CVE-2025-13727 Video Share VOD <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values

4.4CVSS0.00011EPSS

NVD•added 2026/02/18 8:16 a.m.•2 views

CVE-2026-1943

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop...

4.4CVSS0.0001EPSS

Cvelist•added 2026/02/18 7:25 a.m.•25 views

CVE-2026-1943 YayMail <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements

4.4CVSS0.0001EPSS

Vulnrichment•added 2026/02/18 7:25 a.m.•3 views

CVE-2026-1943 YayMail <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements

4.4CVSS5.7AI score0.0001EPSS