Lucene search
K

36612 matches found

CVE
CVE
added 1 hour ago3 views

CVE-2026-41122

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker wit...

7.1CVSS5.9AI score
Exploits0References1
NVD
NVD
added 1 hour ago2 views

CVE-2026-6740

The Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'commentIcon' parameter in all versions up to, and including, 4.7.4 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS
Exploits0References2
CVE
CVE
added 2 hours ago7 views

CVE-2026-6740

CVE-2026-6740 affects the Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress. The vulnerability is a Stored XSS via the ‘commentIcon’ block attribute, caused by insufficient input sanitization and output escaping. It affects all versions up to and including 4...

6.4CVSS6.1AI score
Exploits0References2
CVE
CVE
added 2 hours ago7 views

CVE-2026-6820

CVE-2026-6820: The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the email parameter in all versions up to 1.8.8 due to insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary web scripts in ...

7.2CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42219

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in all versions up to, and including, 2026.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS6.1AI score
Exploits0References3
NVD
NVD
added 2 hours ago5 views

CVE-2026-6818

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'specialrequests' parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS
Exploits0References4
Cvelist
Cvelist
added 3 hours ago5 views

CVE-2026-6371 Stored XSS in Limatek's LimRAD NAC

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Limatek System Inc. LimRAD NAC allows Stored XSS. This issue affects LimRAD NAC: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

4.8CVSS
Exploits0References1
NVD
NVD
added 8 hours ago4 views

CVE-2026-12041

The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS
Exploits0References3
NVD
NVD
added 8 hours ago4 views

CVE-2026-10570

The Sympl Repeater for ACF and Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ACF repeater field values in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping in the symparfereplacecontent function, which uses...

6.4CVSS
Exploits0References3
Cvelist
Cvelist
added 9 hours ago8 views

CVE-2026-10570 Sympl Repeater for ACF and Elementor <= 2.3 - Authenticated (Author+) Stored Cross-Site Scripting via ACF Repeater Field Values

The Sympl Repeater for ACF and Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ACF repeater field values in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping in the symparfereplacecontent function, which uses...

6.4CVSS
Exploits0References3
EUVD
EUVD
added 9 hours ago5 views

EUVD-2026-42176

The Sympl Repeater for ACF and Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ACF repeater field values in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping in the symparfereplacecontent function, which uses...

6.4CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added 9 hours ago9 views

CVE-2026-12041 Chatra Live Chat + ChatBot + Cart Saver <= 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'chatra-code' Setting

The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS
Exploits0References3
EUVD
EUVD
added 9 hours ago5 views

EUVD-2026-42171

The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6AI score
Exploits0References3
Nuclei
Nuclei
added 9 hours ago21 views

Duplicate Page WordPress - Stored Cross-Site Scripting

Duplicate Page WordPress plugin = 4.4.2 contains a stored cross-site scripting caused by unsanitized Duplicate Post Suffix settings in output, letting high privilege users execute malicious scripts, exploit requires high privilege user role. id: CVE-2021-24681 info: name: Duplicate Page WordPress...

4.8CVSS5.8AI score0.0087EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago52 views

Limit Login Attempts WordPress - Stored Cross-site Scripting

Limit Login Attempts WordPress plugin 4.0.50 contains a stored cross-site scripting caused by not escaping IP addresses controlled via headers like X-Forwarded-For before outputting them in reports, letting unauthenticated attackers execute scripts in admin context. id: CVE-2021-24657 info: name:...

6.1CVSS6.3AI score0.0157EPSS
Exploits2References2
Nuclei
Nuclei
added 9 hours ago17 views

tagDiv Composer < 4.2 - Stored Cross-Site Scripting

tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/savecss endpoint. An attacker can inject malicious JavaScript code through the compiledcss parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...

6.1CVSS7AI score0.01595EPSS
Exploits2References2
Nuclei
Nuclei
added 9 hours ago63 views

Microweber <1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,. id: CVE-2022-0963 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microweber prior to 1.2.12 contains a stored...

5.7CVSS6.1AI score0.01877EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago21 views

The Events Calendar < 6.4.0.1 - Cross-site Scripting

The Events Calendar WordPress plugin 6.4.0.1 contains a stored XSS caused by improper sanitization of user-submitted content when rendering views via AJAX, letting attackers execute scripts in the context of the affected site. Exploitation requires user interaction. id: CVE-2024-4180 info: name:...

9.1CVSS6AI score0.01834EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago120 views

Limit Login Attempts - Stored Cross-Site Scripting

Limit Login Attempts WordPress plugin 4.0.72 contains a stored cross-site scripting caused by unsanitized and unescaped settings, letting malicious administrators inject Javascript code, exploit requires administrator privileges. id: CVE-2022-1029 info: name: Limit Login Attempts - Stored...

4.8CVSS5.8AI score0.00848EPSS
Exploits2References1
EUVD
EUVD
added yesterday6 views

EUVD-2025-13498

Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions...

6.4CVSS5.9AI score0.00434EPSS
Exploits1References5
Rows per page
Query Builder