CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/02/11 8:26 a.m.•23 views

CVE-2026-1853 BuddyHolis ListSearch <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute

The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listsearch' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00015EPSS

ATTACKERKB•added 2026/02/11 8:26 a.m.•3 views

CVE-2026-1853

6.4CVSS5.7AI score0.00015EPSS

Exploits0References5

NVD•added 2026/02/11 5:16 a.m.•2 views

CVE-2026-1893

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS0.00014EPSS

Exploits0References3

CVE•added 2026/02/11 4:36 a.m.•14 views

CVE-2026-1893

The CVE affects Orbisius Random Name Generator for WordPress. Description: Stored Cross-Site Scripting via the btn_label shortcode attribute in orbisius_random_name_generator, affect versions up to 1.0.2. Root cause: insufficient input sanitization and output escaping. Impact: authenticated attac...

6.4CVSS5.7AI score0.00014EPSS

Exploits0References3

ATTACKERKB•added 2026/02/10 9:26 a.m.•2 views

CVE-2026-1922

The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ecs-list-events shortcode message attribute in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.7AI score0.00016EPSS

Exploits0References5

CVE•added 2026/02/10 9:26 a.m.•13 views

CVE-2026-1922

CVE-2026-1922 : The Events Calendar Shortcode & Block plugin for WordPress contains a stored XSS vulnerability in the ecs-list-events shortcode, via the message attribute. It affects all versions up to 3.1.2 and arises from insufficient input sanitization and output escaping on user-supplied attr...

6.4CVSS5.8AI score0.00016EPSS

CVE•added 2026/02/07 8:26 a.m.•14 views

CVE-2026-1573

Summary: CVE-2026-1573 affects the WordPress OMIGO plugin (versions up to and including 3.3). Vulnerability: Stored Cross-Site Scripting via the plugin’s omigo_donate_button shortcode. Insufficient input sanitization and output escaping on user-supplied attributes. Impact: Authenticated attackers...

6.4CVSS5.6AI score0.00052EPSS

Vulnrichment•added 2026/02/07 8:26 a.m.•3 views

CVE-2026-1573 OMIGO <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's omigodonatebutton shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00052EPSS

CVE•added 2026/02/07 8:26 a.m.•16 views

CVE-2026-1611

CVE-2026-1611 affects the Wikiloops Track Player plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the plugin’s wikiloops shortcode in all versions up to and including 1.0.1, caused by insufficient input sanitization and output escaping on user-supplied attributes...

Cvelist•added 2026/02/07 8:26 a.m.•21 views

CVE-2026-1570 Simple Bible Verse via Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's verse shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00016EPSS

CVE•added 2026/02/07 5:52 a.m.•17 views

CVE-2025-15267

The CVE-2025-15267 entry concerns the Bold Page Builder WordPress plugin (versions up to and including 5.5.7). The vulnerability is a Stored Cross-Site Scripting flaw in the bt_bb_accordion_item shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. I...

Patchstack•added 2026/02/07 12:6 a.m.•3 views

WordPress Video Onclick plugin <= 0.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Video Onclick versions = 0.4.7...

6.4CVSS5.3AI score0.00016EPSS

Patchstack•added 2026/02/07 12:5 a.m.•6 views

WordPress Simple Bible Verse via Shortcode plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zaim in WordPress Plugin Simple Bible Verse via Shortcode versions = 1.1...

6.4CVSS5.3AI score0.00016EPSS

Positive Technologies•added 2026/02/07 12:0 a.m.•5 views

PT-2026-6893

Name of the Vulnerable Software and Affected Versions Wonka Slide versions up to and including 1.3.3 Description The Wonka Slide plugin for WordPress is susceptible to Stored Cross-Site Scripting through the list class shortcode. Insufficient input sanitization and output escaping on user-supplie...

6.4CVSS5.7AI score0.00016EPSS

Patchstack•added 2026/02/06 11:46 p.m.•5 views

WordPress OMIGO plugin <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zaim in WordPress Plugin OMIGO versions = 3.3...

6.4CVSS5.3AI score0.00052EPSS

Patchstack•added 2026/02/06 11:29 p.m.•5 views

WordPress Wonka Slide plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Wonka Slide versions = 1.3.3...

6.4CVSS5.3AI score0.00016EPSS

EUVD•added 2026/02/06 6:46 a.m.•4 views

EUVD-2026-5612

The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on the 'src' attribute. This makes it possible for authenticated attackers,...

ATTACKERKB•added 2026/02/06 6:46 a.m.•4 views

CVE-2026-1888

The Docus – YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Patchstack•added 2026/02/02 12:47 p.m.•3 views

Exploits0References5

WordPress Colibri Page Builder plugin <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'colibribreadcrumbelement' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Colibri Page Builder versions = 1.0.272...

6.4CVSS5.3AI score0.00229EPSS