CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

6.4CVSS6AI score0.00193EPSS

EUVD-2026-14183

The Sheets2Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titles' shortcode attribute in the sheets2table-render-table shortcode in all versions up to and including 0.4.1. This is due to insufficient input sanitization and output escaping. Specifically, the...

Exploits0References6

EUVD-2026-14190

The WP Games Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the game shortcode in all versions up to and including 0.1beta. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'width', 'height', 'src',...

Exploits0References10

6.4CVSS6AI score0.00188EPSS

EUVD-2026-13999

The Ad Short plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ad' shortcode's 'client' attribute in all versions up to and including 2.0.1. This is due to insufficient input sanitization and output escaping on the 'client' shortcode attribute. The adfunc shortcode handle...

Exploits0References6

6.4CVSS6AI score0.00193EPSS

EUVD-2026-14177

The WordPress PayPal Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'donate' shortcode in all versions up to, and including, 1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'amount', 'email'...

Exploits0References6

EUVD•added 2026/03/21 6:30 a.m.•9 views

EUVD-2026-14150

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

6.5CVSS6.1AI score0.00254EPSS

Exploits0References8

EUVD•added 2026/03/21 6:30 a.m.•5 views

EUVD-2026-14001

The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' shortcode attribute in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

EUVD•added 2026/03/21 6:30 a.m.•4 views

EUVD-2026-14005

The Post Flagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flag' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

EUVD-2026-14174

The Integration with Hubspot Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hubspotform' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Exploits0References4

EUVD-2026-14008

The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ng-weather' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

Exploits0References4

EUVD-2026-13990

The Simple Football Scoreboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ytmrfbscoreboard' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD•added 2026/03/21 6:30 a.m.•2 views

Exploits0References4

EUVD-2026-14002

The Outgrow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the 'outgrow' shortcode in all versions up to, and including, 2.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD•added 2026/03/21 6:30 a.m.•2 views

EUVD-2026-13996

The WPFAQBlock– FAQ & Accordion Plugin For Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'wpfaqblock' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied...

EUVD•added 2026/03/21 6:30 a.m.•4 views

EUVD-2024-55483

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

5.6CVSS6.2AI score0.00268EPSS

Exploits0References3

NVD•added 2026/03/21 4:17 a.m.•4 views

CVE-2026-4086

The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wprandombutton' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on...

6.4CVSS0.00193EPSS

CVE-2026-4067

6.4CVSS0.00188EPSS

NVD•added 2026/03/21 4:17 a.m.•4 views

CVE-2026-4077

The Ecover Builder For Dummies plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'ecover' shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on the user-supplied 'id' shortcode...

6.4CVSS0.00201EPSS

Exploits0References7

CVE-2026-4072

6.4CVSS0.00193EPSS

CVE-2026-3996

6.4CVSS0.00235EPSS

Exploits0References9