Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8962 matches found

Positive Technologies
Positive Technologiesadded 2026/04/04 12:0 a.m.1 views

PT-2026-30314

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wte trip tax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS6.1AI score0.00159EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/04/04 12:0 a.m.4 views

PT-2026-30308

Name of the Vulnerable Software and Affected Versions The Simple Shopping Cart plugin for WordPress versions up to and including 5.2.4 Description The Simple Shopping Cart plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'wpsc display product' shortcode. Insufficient...

6.4CVSS5.9AI score0.00195EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/04/04 12:0 a.m.4 views

WordPress plugin Shortcodes Ultimate 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00346EPSS
Exploits0References3
Patchstack
Patchstackadded 2026/04/03 11:14 p.m.3 views

WordPress Shortcodes Ultimate plugin <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode vulnerability

authenticated Contributor+ Stored Cross-Site Scripting via 'sucarousel' Shortcode vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shortcodes Ultimate versions = 7.4.8...

6.4CVSS5.9AI score0.00346EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/04/03 11:2 p.m.4 views

WordPress Simple Shopping Cart plugin <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsc_display_product' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'wpscdisplayproduct' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Shopping Cart versions = 5.2.4...

6.4CVSS5.9AI score0.00195EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVEadded 2026/04/02 5:4 a.m.6 views

CVE-2026-3831

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/01 10:58 a.m.2 views

CVE-2026-1834

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS6AI score0.00197EPSS
Exploits0References1
Patchstack
Patchstackadded 2026/04/01 2:34 a.m.3 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode vulnerability

Missing Authorization to Authenticated Contributor+ Sensitive Information Exposure via Shortcode vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Contact Form Entries versions = 1.4.9...

4.3CVSS5.9AI score0.00229EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/01 1:24 a.m.1 views

CVE-2026-3831 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.00229EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/01 1:24 a.m.6 views

CVE-2026-3831

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.00229EPSS
Exploits0References3
NVD
NVDadded 2026/03/31 11:17 p.m.4 views

CVE-2026-2480

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maxwidth' attribute of the subox shortcode in all versions up to, and including, 7.4.10 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS0.00197EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/03/31 10:26 p.m.26 views

CVE-2026-2480 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maxwidth' attribute of the subox shortcode in all versions up to, and including, 7.4.10 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS0.00197EPSS
Exploits0References4
EUVD
EUVDadded 2026/03/31 6:31 a.m.3 views

EUVD-2026-17319

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS6AI score0.00197EPSS
Exploits0References6
CVE
CVEadded 2026/03/31 5:28 a.m.6 views

CVE-2026-1834

CVE-2026-1834 affects the Ibtana – WordPress Website Builder plugin for WordPress. The issue is a Stored Cross-Site Scripting vulnerability via the plugin's 'ive' shortcode in all versions up to and including 1.2.5.7 , caused by insufficient input sanitization and output escaping on user-supplied...

6.4CVSS6AI score0.00197EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/03/31 5:28 a.m.1 views

CVE-2026-1834

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS6AI score0.00197EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/03/31 5:28 a.m.24 views

CVE-2026-1834 Ibtana - WordPress Website Builder <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS0.00197EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/03/31 5:28 a.m.0 views

CVE-2026-1834 Ibtana - WordPress Website Builder <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS6AI score0.00197EPSS
Exploits0References5
Patchstack
Patchstackadded 2026/03/31 12:9 a.m.3 views

WordPress Ibtana - WordPress Website Builder plugin <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

WordPress Ibtana - WordPress Website Builder plugin = 1.2.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ibtana versions = 1.2.5.7...

6.4CVSS5.9AI score0.00197EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2026/03/31 12:0 a.m.2 views

PT-2026-29195

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS6AI score0.00197EPSS
Exploits0References6
Patchstack
Patchstackadded 2026/03/30 1:11 p.m.3 views

WordPress Ultimate Member plugin <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag vulnerability

Authenticated Contributor+ Sensitive Information Exposure to Account Takeover via Shortcode Template Tag vulnerability discovered by HDH - FPT Software in WordPress Plugin Ultimate Member versions = 2.11.2...

8CVSS5.9AI score0.00229EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder