CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/04/04 12:0 a.m.•5 views

PT-2026-30346

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.11. This is due to the plugin allowing user-supplied billing fie...

6.5CVSS6.2AI score0.00407EPSS

Positive Technologies•added 2026/04/04 12:0 a.m.•5 views

PT-2026-30308

Name of the Vulnerable Software and Affected Versions The Simple Shopping Cart plugin for WordPress versions up to and including 5.2.4 Description The Simple Shopping Cart plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'wpsc display product' shortcode. Insufficient...

6.4CVSS5.9AI score0.00195EPSS

Positive Technologies•added 2026/04/04 12:0 a.m.•2 views

PT-2026-30314

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wte trip tax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS6.1AI score0.00159EPSS

CNNVD•added 2026/04/04 12:0 a.m.•6 views

WordPress plugin Shortcodes Ultimate 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00346EPSS

Patchstack•added 2026/04/03 11:14 p.m.•4 views

WordPress Shortcodes Ultimate plugin <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode vulnerability

authenticated Contributor+ Stored Cross-Site Scripting via 'sucarousel' Shortcode vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shortcodes Ultimate versions = 7.4.8...

6.4CVSS5.9AI score0.00346EPSS

Patchstack•added 2026/04/03 11:2 p.m.•4 views

WordPress Simple Shopping Cart plugin <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsc_display_product' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'wpscdisplayproduct' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Shopping Cart versions = 5.2.4...

6.4CVSS5.9AI score0.00195EPSS

RedhatCVE•added 2026/04/02 5:4 a.m.•7 views

CVE-2026-3831

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...

RedhatCVE•added 2026/04/01 10:58 a.m.•3 views

Exploits0References1

CVE-2026-1834

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

Patchstack•added 2026/04/01 2:34 a.m.•5 views

Exploits0References1

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode vulnerability

Missing Authorization to Authenticated Contributor+ Sensitive Information Exposure via Shortcode vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Contact Form Entries versions = 1.4.9...

Vulnrichment•added 2026/04/01 1:24 a.m.•3 views

CVE-2026-3831 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode

ATTACKERKB•added 2026/04/01 1:24 a.m.•6 views

Exploits0References2

CVE-2026-3831

NVD•added 2026/03/31 11:17 p.m.•4 views

CVE-2026-2480

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maxwidth' attribute of the subox shortcode in all versions up to, and including, 7.4.10 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS0.00197EPSS

Exploits0References4

Cvelist•added 2026/03/31 10:26 p.m.•27 views

CVE-2026-2480 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute

6.4CVSS0.00197EPSS

Exploits0References4

EUVD•added 2026/03/31 6:31 a.m.•3 views

EUVD-2026-17319

ATTACKERKB•added 2026/03/31 5:28 a.m.•1 views

Exploits0References6

CVE-2026-1834

Cvelist•added 2026/03/31 5:28 a.m.•24 views

Exploits0References6

CVE-2026-1834 Ibtana - WordPress Website Builder <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.00197EPSS

CVE•added 2026/03/31 5:28 a.m.•8 views

CVE-2026-1834

CVE-2026-1834 affects the Ibtana – WordPress Website Builder plugin for WordPress. The issue is a Stored Cross-Site Scripting vulnerability via the plugin's 'ive' shortcode in all versions up to and including 1.2.5.7 , caused by insufficient input sanitization and output escaping on user-supplied...

Vulnrichment•added 2026/03/31 5:28 a.m.•1 views

CVE-2026-1834 Ibtana - WordPress Website Builder <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Patchstack•added 2026/03/31 12:9 a.m.•5 views

WordPress Ibtana - WordPress Website Builder plugin <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

WordPress Ibtana - WordPress Website Builder plugin = 1.2.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ibtana versions = 1.2.5.7...

6.4CVSS5.9AI score0.00197EPSS