Lucene search
K

360 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/26 3:37 a.m.2 views

CVE-2026-4331

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags function only verifying that the user has the 'read' capability and a valid b2ssecuritynonce, both o...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/03/26 3:37 a.m.28 views

CVE-2026-4331 Blog2Social: Social Media Auto Post & Scheduler <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags function only verifying that the user has the 'read' capability and a valid b2ssecuritynonce, both o...

4.3CVSS0.00248EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-28203

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags function only verifying that the user has the 'read' capability and a valid b2s security nonce, both...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References11
NVD
NVD
added 2026/03/25 2:16 a.m.11 views

CVE-2026-4766

The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insufficient input sanitization and output escaping on user-supplied gallery shortcode values. This makes ...

6.4CVSS0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/25 1:25 a.m.10 views

CVE-2026-4766 Easy Image Gallery <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Shortcode Post Meta

The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insufficient input sanitization and output escaping on user-supplied gallery shortcode values. This makes ...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 1:25 a.m.17 views

CVE-2026-4766

Product/Component: Easy Image Gallery WordPress plugin. Vulnerability: Stored Cross-Site Scripting via Gallery shortcode post meta, affecting all versions up to 1.5.3. Root cause: Insufficient input sanitization and output escaping on user-supplied gallery shortcode values. Impact: Authenticated ...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/23 7:13 p.m.10 views

WordPress Easy Image Gallery plugin <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery SHORTCODE Post Meta vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Gallery SHORTCODE Post Meta vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Easy Image Gallery versions = 1.5.3...

6.4CVSS5.9AI score0.00187EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/11 9:31 a.m.3 views

EUVD-2026-11111

The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ast-page-background-meta and ast-content-background-meta post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escapin...

6.4CVSS5.9AI score0.00199EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/11 6:45 a.m.3 views

CVE-2026-3534 Astra <= 4.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta

The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ast-page-background-meta and ast-content-background-meta post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escapin...

6.4CVSS5.9AI score0.00199EPSS
Exploits0References6
CVE
CVE
added 2026/03/11 6:45 a.m.29 views

CVE-2026-3534

CVE-2026-3534 affects the Astra WordPress theme (versions

6.4CVSS5.9AI score0.00199EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/11 6:45 a.m.27 views

CVE-2026-3534 Astra <= 4.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta

The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ast-page-background-meta and ast-content-background-meta post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escapin...

6.4CVSS0.00199EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/03/10 11:11 p.m.5 views

WordPress Astra theme <= 4.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Post Meta vulnerability discovered by at1as - Self-Employed in WordPress Theme Astra WordPress Theme versions = 4.12.3...

6.4CVSS5.8AI score0.00199EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.8 views

CVE-2026-2593

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gspbpostcss post meta value and the dynamicAttributes block attribute in all versions up to, and including, 12.8.5 due to insufficient input sanitization and output escapin...

6.4CVSS5.9AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/06 12:31 a.m.3 views

EUVD-2026-9887

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gspbpostcss post meta value and the dynamicAttributes block attribute in all versions up to, and including, 12.8.5 due to insufficient input sanitization and output escapin...

6.4CVSS6AI score0.00197EPSS
Exploits0References5
NVD
NVD
added 2026/03/05 10:16 p.m.6 views

CVE-2026-2593

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gspbpostcss post meta value and the dynamicAttributes block attribute in all versions up to, and including, 12.8.5 due to insufficient input sanitization and output escapin...

6.4CVSS0.00197EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/05 9:24 p.m.5 views

CVE-2026-2593 Greenshift – animation and page builder blocks <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gspbpostcss post meta value and the dynamicAttributes block attribute in all versions up to, and including, 12.8.5 due to insufficient input sanitization and output escapin...

6.4CVSS5.9AI score0.00197EPSS
Exploits0References4
CVE
CVE
added 2026/03/05 9:24 p.m.10 views

CVE-2026-2593

CVE-2026-2593 affects Greenshift – animation and page builder blocks plugin for WordPress. The vulnerability is a stored cross-site scripting (XSS) flaw via the _gspb_post_css post meta value and the dynamicAttributes block attribute, exploitable in all versions up to and including 12.8.5. It req...

6.4CVSS6AI score0.00197EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.3 views

PT-2026-23519

Name of the Vulnerable Software and Affected Versions Greenshift – animation and page builder blocks plugin for WordPress versions through 12.8.5 Description The Greenshift plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from inadequate input sanitization and...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/26 10:14 a.m.6 views

CVE-2026-2301

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...

4.3CVSS5.5AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 10:16 a.m.11 views

CVE-2026-2301

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...

4.3CVSS0.00211EPSS
Exploits0References4
Rows per page
Query Builder