Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3426 matches found

Cvelist
Cvelistadded 2026/01/24 7:26 a.m.27 views

CVE-2026-1084 Cookie consent for developers <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00015EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/01/24 7:26 a.m.2 views

CVE-2026-1084 Cookie consent for developers <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00015EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/01/24 7:26 a.m.2 views

CVE-2026-1084

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00015EPSS
Exploits0References6
CVE
CVEadded 2026/01/24 7:26 a.m.10 views

CVE-2026-1084

CVE-2026-1084 concerns the WordPress plugin “Cookie consent for developers.” The vulnerability is a Stored Cross-Site Scripting (XSS) via multiple settings fields in all versions up to 1.7.1, caused by insufficient input sanitization and output escaping. Impact is limited to sites using multisite...

4.4CVSS5.7AI score0.00015EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/01/24 12:0 a.m.3 views

PT-2026-4597

The Postalicious plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.7AI score0.00072EPSS
Exploits0References10
Positive Technologies
Positive Technologiesadded 2026/01/24 12:0 a.m.3 views

PT-2026-4598

The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions a...

4.4CVSS5.7AI score0.00046EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2026/01/24 12:0 a.m.3 views

PT-2026-4582

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.7AI score0.00015EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/01/21 6:33 a.m.4 views

CVE-2026-1045

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.7AI score0.00039EPSS
Exploits0References1
NVD
NVDadded 2026/01/20 6:16 a.m.2 views

CVE-2026-1045

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS0.00039EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/01/20 5:30 a.m.1 views

CVE-2026-1045

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.5AI score0.00039EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/01/20 5:30 a.m.19 views

CVE-2026-1045 Viet contact <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS0.00039EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/01/20 5:30 a.m.2 views

CVE-2026-1045 Viet contact <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.7AI score0.00039EPSS
Exploits0References3
CVE
CVEadded 2026/01/20 5:30 a.m.12 views

CVE-2026-1045

CVE-2026-1045 : The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.3.2. The issue arises from insufficient input sanitization and output escaping, allowing an authenticated attacker with administrator-level permissions (an...

4.4CVSS5.7AI score0.00039EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/01/20 12:0 a.m.3 views

PT-2026-3538

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.7AI score0.00039EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/01/18 7:18 a.m.3 views

CVE-2026-0691

The CM E-Mail Blacklist – Simple email filtering for safer registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blackemail' parameter in all versions up to, and including, 1.6.2. This is due to insufficient input sanitization and output escaping. This makes it...

4.4CVSS5AI score0.00051EPSS
Exploits0References1
CVE
CVEadded 2026/01/17 6:42 a.m.7 views

CVE-2026-0691

CVE-2026-0691 applies to CM E-Mail Blacklist – Simple email filtering for safer registration (WordPress plugin) and is an authenticated Stored XSS via the black_email parameter, affecting versions up to 1.6.2. Root cause: insufficient input sanitization and output escaping; impact: authenticated ...

4.4CVSS4.7AI score0.00051EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/01/17 6:42 a.m.1 views

CVE-2026-0691 CM E-Mail Blacklist <= 1.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'black_email' Parameter

The CM E-Mail Blacklist – Simple email filtering for safer registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blackemail' parameter in all versions up to, and including, 1.6.2. This is due to insufficient input sanitization and output escaping. This makes it...

4.4CVSS5.7AI score0.00051EPSS
Exploits0References4
EUVD
EUVDadded 2026/01/17 6:42 a.m.2 views

EUVD-2026-3144

The CM E-Mail Blacklist – Simple email filtering for safer registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blackemail' parameter in all versions up to, and including, 1.6.2. This is due to insufficient input sanitization and output escaping. This makes it...

4.4CVSS4.6AI score0.00051EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/01/17 12:0 a.m.3 views

PT-2026-3350

The CM E-Mail Blacklist – Simple email filtering for safer registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'black email' parameter in all versions up to, and including, 1.6.2. This is due to insufficient input sanitization and output escaping. This makes it...

4.4CVSS5AI score0.00051EPSS
Exploits0References5
EUVD
EUVDadded 2026/01/16 6:31 p.m.4 views

EUVD-2023-44310

The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.3CVSS4.7AI score0.00054EPSS
Exploits1References2
Rows per page
Query Builder