
36562 matches found

CVE
added 2 hours ago, 4 views

CVE-2026-4804

The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'show_in_rest' = tr...

CVSS 6.4
Exploits: 0, References: 2
CVE
added 3 hours ago, 5 views

CVE-2026-8351

CVE-2026-8351 concerns the RTMKit plugin for WordPress, vulnerable up to version 2.0.7. The flaw is a Stored Cross-Site Scripting in the Advanced Heading widget via the 'Background Text' parameter. The render() function concatenates the value directly into an HTML attribute without applying esc_a...

CVSS 6.4, AI score 6.1
Exploits: 0, References: 9
ATTACKERKB
added 5 hours ago, 3 views

CVE-2026-8892

The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 8
ATTACKERKB
added 5 hours ago, 4 views

CVE-2026-13040

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'realval' parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 7.2, AI score 5.9
Exploits: 0, References: 15
EUVD
added 5 hours ago, 4 views

EUVD-2026-41487

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'realval' parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 7.2, AI score 5.9
Exploits: 0, References: 14
CVE
added 8 hours ago, 9 views

CVE-2026-12731

The CVE-2026-12731 entry concerns the weDocs WordPress plugin (Docs, Documentation, Wiki & AI Chatbot). Affected: all versions up to 2.3.0. Issue: Stored Cross-Site Scripting via the Block Attributes sectionTitleTag and articleTitleTag, caused by insufficient input sanitization and output escapin...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 5
EUVD
added 8 hours ago, 8 views

EUVD-2026-41467

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'connectorWidth' Block Attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes i...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 4
EUVD
added 9 hours ago, 4 views

EUVD-2026-41452

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to and...

CVSS 4.8, AI score 5.7, EPSS 0.00341
Exploits: 0, References: 2
EUVD
added 9 hours ago, 4 views

EUVD-2026-41450

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS Autotask Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affects Fireware O...

CVSS 6.1, AI score 5.7, EPSS 0.00151
Exploits: 0, References: 2
CVE
added yesterday, 8 views

CVE-2026-13375

WatchGuard Fireware OS Autotask Technology Integration module is affected by CVE-2026-13375, a Stored XSS vulnerability. Affected versions are Fireware OS 12.4–12.12, 12.5–12.5.18, and 2025.1–2026.2. Attack vector is NETWORK with low attack complexity and high privileges required; user interactio...

CVSS 4.8, AI score 5.7
Exploits: 0, References: 1
CVE
added yesterday, 5 views

CVE-2026-13374

CVE-2026-13374 is a stored XSS vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module). It affects Fireware OS versions 12.4–12.12, 12.5–12.5.18, and 2025.1–2026.2. The issue stems from improper neutralization of input during web page generation, allowing stored cross-...

CVSS 4.8, AI score 5.7
Exploits: 0, References: 1
ATTACKERKB
added yesterday, 5 views

CVE-2026-4772

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 2, Affected Software: 1
CVE
added yesterday, 7 views

CVE-2026-57761

CVE-2026-57761 concerns the WordPress theme SEOWP, affected in versions <= 3.12.2. The vulnerability is described as Unauthenticated CSRF. Several connected sources also frame the issue as a CSRF leading to Stored XSS in SEOWP.

CVSS 7.1, AI score 5.8
Exploits: 0, References: 1
Cvelist
added yesterday, 20 views

CVE-2026-57761 WordPress SEOWP theme <= 3.12.2 - CSRF to Stored XSS vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions...

CVSS 7.1
Exploits: 0, References: 1
Nuclei
added yesterday, 25 views

Limit Login Attempts - Stored Cross-Site Scripting

Limit Login Attempts WordPress plugin 4.0.72 contains a stored cross-site scripting vulnerability caused by unsanitized and unescaped settings, letting malicious administrators inject JavaScript code; exploitation requires administrator privileges. id: CVE-2022-1029 info: name: Limit Login Attempts - Stored...

CVSS 4.8, AI score 5.6, EPSS 0.00848
Exploits: 2, References: 1
Nuclei
added yesterday, 16 views

Duplicate Page WordPress - Stored Cross-Site Scripting

Duplicate Page WordPress plugin = 4.4.2 contains a stored cross-site scripting vulnerability caused by unsanitized Duplicate Post Suffix settings in output, letting high privilege users execute malicious scripts; exploitation requires a high privilege user role. id: CVE-2021-24681 info: name: Duplicate Page WordPress...

CVSS 4.8, AI score 5.7, EPSS 0.0087
Exploits: 2, References: 3
Nuclei
added yesterday, 34 views

Microweber <1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files. id: CVE-2022-0963 info: name: Microweber <1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microweber prior to 1.2.12 contains a stored...

CVSS 5.7, AI score 6, EPSS 0.01877
Exploits: 1, References: 5
Nuclei
added yesterday, 16 views

tagDiv Composer < 4.2 - Stored Cross-Site Scripting

tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/savecss endpoint. An attacker can inject malicious JavaScript code through the compiledcss parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...

CVSS 6.1, AI score 7, EPSS 0.01595
Exploits: 2, References: 2
Nuclei
added yesterday, 31 views

ChurchCRM 4.5.3 - Cross-Site Scripting

A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. id: CVE-2023-26843 info: name: ChurchCRM 4.5.3 - Cross-Site Scripting author: Harsh severity: medium description: | A stored Cross-site scripti...

CVSS 5.4, AI score 6.2, EPSS 0.0142
Exploits: 1, References: 5
Nuclei
added yesterday, 21 views

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS...

CVSS 8.3, AI score 7.1, EPSS 0.54872
Exploits: 5, References: 3