Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8990 matches found

EUVD
EUVDadded 2026/03/07 9:30 a.m.8 views

EUVD-2026-10130

The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's myqtip shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00159EPSS
Exploits0References3
NVD
NVDadded 2026/03/07 8:16 a.m.2 views

CVE-2026-1805

The DA Media GigList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's damediagiglist shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00197EPSS
Exploits0References5
NVD
NVDadded 2026/03/07 8:16 a.m.5 views

CVE-2026-1825

The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'syv' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00191EPSS
Exploits0References3
NVD
NVDadded 2026/03/07 8:16 a.m.8 views

CVE-2026-1823

The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00193EPSS
Exploits0References5
NVD
NVDadded 2026/03/07 8:16 a.m.9 views

CVE-2026-1569

The Wueen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wueen-blocket shortcode in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00159EPSS
Exploits0References2
NVD
NVDadded 2026/03/07 8:16 a.m.5 views

CVE-2026-1574

The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's myqtip shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00159EPSS
Exploits0References2
CVE
CVEadded 2026/03/07 7:22 a.m.13 views

CVE-2026-1825

The CVE refers to CVE-2026-1825 for the WordPress Show YouTube video plugin (versions up to 1.1). The connected Wordfence report confirms a Stored Cross-Site Scripting vulnerability via the plugin’s shortcodes, exploitable by authenticated users with contributor-level access or higher. The descri...

6.4CVSS5.9AI score0.00191EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/03/07 7:22 a.m.28 views

CVE-2026-1824 Infomaniak Connect for OpenID <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Infomaniak Connect for OpenID plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'endpointlogin' parameter of the infomaniakconnectgenericauthurl shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes...

6.4CVSS0.00191EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/03/07 7:22 a.m.28 views

CVE-2026-1825 Show YouTube video <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'syv' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00191EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/03/07 7:22 a.m.2 views

CVE-2026-1825 Show YouTube video <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'syv' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00191EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/03/07 7:22 a.m.4 views

CVE-2026-1825

The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'syv' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00191EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/07 7:22 a.m.3 views

CVE-2026-1823 Consensus Embed <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute

The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References5
CVE
CVEadded 2026/03/07 7:22 a.m.14 views

CVE-2026-1823

CVE-2026-1823 (Consensus Embed plugin, WordPress) is a stored XSS vulnerability affecting all versions up to 1.6, caused by insufficient input sanitization and output escaping on attributes used by the plugin’s consensus shortcode. The CVE description specifies that exploitation requires authenti...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/07 7:22 a.m.30 views

CVE-2026-1823 Consensus Embed <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute

The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00193EPSS
Exploits0References5
CVE
CVEadded 2026/03/07 7:22 a.m.14 views

CVE-2026-1805

CVE-2026-1805 concerns the DA Media GigList WordPress plugin. It is vulnerable to Stored Cross‑Site Scripting via the plugin’s shortcodes (damedia_giglist) in all versions up to and including 1.9.0 due to insufficient input sanitization and output escaping on user‑supplied attributes. Authenticat...

6.4CVSS5.9AI score0.00197EPSS
Exploits0References5
CVE
CVEadded 2026/03/07 7:22 a.m.12 views

CVE-2026-1820

The CVE CVE-2026-1820 concerns the WordPress plugin Media Library Alt Text Editor, vulnerable to an authenticated Stored Cross-Site Scripting (XSS) via shortcode attributes (notably post_id and bvmalt_sc_div_update_alt_text) in versions up to 1.0.0. The issue arises from insufficient input saniti...

6.4CVSS5.9AI score0.00159EPSS
Exploits0References2
CVE
CVEadded 2026/03/07 7:22 a.m.14 views

CVE-2026-1574

CVE-2026-1574 concerns the WordPress plugin MyQtip – easy qTip2. Wordfence and CVE records describe a Stored Cross-Site Scripting flaw via the plugin’s myqtip shortcode in all versions up to and including 2.0.5. The vulnerability requires authentication at contributor level or higher and allows i...

6.4CVSS5.9AI score0.00159EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/07 7:22 a.m.32 views

CVE-2026-1820 Media Library Alt Text Editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmaltscdivupdatealttext' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS0.00159EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/07 7:22 a.m.33 views

CVE-2026-1574 MyQtip – easy qTip2 <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's myqtip shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00159EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/03/07 7:22 a.m.3 views

CVE-2026-1574 MyQtip – easy qTip2 <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's myqtip shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00159EPSS
Exploits0References2
Rows per page
Query Builder