Lucene search
K

99 matches found

OSV
OSV
added 2026/05/14 4:36 p.m.6 views

GHSA-CCFX-MFMX-2FX9 Mistune Image Directive CSS Injection Vulnerability

Summary The Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". This pattern is applied via re.match which anchors only at the start of the string, not the end. Any value that begins with one or more digits passes validation,...

4.7CVSS6AI score0.00228EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/12 9:31 a.m.28 views

EUVD-2026-29401

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:48 a.m.6 views

CVE-2026-6237

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/12 7:48 a.m.75 views

CVE-2026-6237 Quick Table <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 7:48 a.m.20 views

CVE-2026-6237

CVE-2026-6237 affects the WordPress plugin Quick Table (all versions ≤ 1.0.0). It enables stored XSS via the style attribute of the qtbl shortcode due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, with scripts ex...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.21 views

PT-2026-39956

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/22 9:31 p.m.5 views

EUVD-2026-22865

The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the jqmath shortcode in all versions up to and including 1.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...

6.4CVSS5.9AI score0.00265EPSS
Exploits0References6
NVD
NVD
added 2026/04/15 9:16 a.m.5 views

CVE-2026-3998

The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the jqmath shortcode in all versions up to and including 1.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...

6.4CVSS0.00265EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/15 8:28 a.m.3 views

CVE-2026-3998

The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the jqmath shortcode in all versions up to and including 1.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...

6.4CVSS5.9AI score0.00265EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/15 8:28 a.m.32 views

CVE-2026-3998 WM JqMath <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute

The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the jqmath shortcode in all versions up to and including 1.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...

6.4CVSS0.00265EPSS
Exploits0References5
CVE
CVE
added 2026/04/15 8:28 a.m.17 views

CVE-2026-3998

The WM JqMath WordPress plugin (versions

6.4CVSS5.9AI score0.00265EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/15 8:28 a.m.3 views

CVE-2026-3998 WM JqMath <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute

The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the jqmath shortcode in all versions up to and including 1.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...

6.4CVSS5.9AI score0.00265EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/04/15 4:6 a.m.5 views

WordPress WM JqMath plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'style' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin WM JqMath versions = 1.3...

6.4CVSS5.8AI score0.00265EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.10 views

PT-2026-33023

The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the jqmath shortcode in all versions up to and including 1.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The genera...

6.4CVSS5.9AI score0.00265EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/08 9:25 p.m.1 views

CVE-2026-5711

The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS6.1AI score0.00188EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2026/03/05 4:4 p.m.11 views

USN-8077-1: Bleach vulnerabilities

It was discovered that Bleach did not properly sanitize URI attributes containing character entities. An attacker could possibly use this issue to construct a URI with a disallowed scheme that would bypass sanitization, leading to cross-site scripting. This issue only affected Ubuntu 18.04 LTS...

9.8CVSS5.5AI score0.02195EPSS
Exploits4
CVE
CVE
added 2026/02/06 6:46 a.m.51 views

CVE-2026-1808

The CVE-2026-1808 entry concerns the Orange Confort+ accessibility toolbar for WordPress plugin. It is vulnerable to Stored Cross-Site Scripting via the style parameter of the ocplus_button shortcode in all versions up to 0.7 due to insufficient input sanitization and output escaping. Exploitatio...

6.4CVSS5.6AI score0.00235EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.5 views

WordPress plugin Snillrik Restaurant 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripti...

6.4CVSS5.8AI score0.00297EPSS
Exploits0References3
Debian
Debian
added 2025/12/30 3:55 p.m.6 views

[SECURITY] [DLA 4428-1] mediawiki security update

Debian LTS Advisory DLA-4428-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin December 30, 2025 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.35.13-1+deb11u6 CVE ID : CVE-2025-67475 CVE-2025-67478 CVE-2025-67479 CVE-2025-67480 CVE-2025-67481...

9.8CVSS5.9AI score0.00395EPSS
Exploits0
NVD
NVD
added 2025/11/04 5:16 a.m.21 views

CVE-2025-11812

The Reuse Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'reusebuildersingleposttitle' shortcode in all versions up to, and including, 1.7. This is due to insufficient input sanitization and output escaping on the 'style' attribute. This makes it possible for...

6.4CVSS0.00211EPSS
Exploits0References3
Rows per page
Query Builder