201 matches found
WordPress OneTone theme <= 3.0.6 – Unauthenticated Stored XSS
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. id: CVE-2019-17231 info: name: WordPress OneTone theme = 3.0.6 – Unauthenticated Stored XSS author: daffainfo severity: medium description: | includes/theme-functions.php in the OneTone...
CVE-2026-7052
The CVE concerns the HT Contact Form – Drag & Drop Form Builder for WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability exists in the file_upload parameter for all versions up to 2.8.2 due to insufficient input sanitization and output escaping. Exploitation requires the Store Subm...
CVE-2026-5324
The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...
CVE-2026-5110 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Single Product Field Inside Repeater
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...
PT-2026-36594
The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...
WordPress Vagaro Booking Widget plugin <= 0.3 - Unauthenticated Stored Cross-Site Scripting via 'vagaro_code' vulnerability
Unauthenticated Stored Cross-Site Scripting via 'vagarocode' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Vagaro Booking Widget versions = 0.3...
CVE-2025-15386
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...
WordPress PixelYourSite plugin <= 11.2.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin PixelYourSite – Your smart PIXEL TAG Manager versions = 11.2.0...
WordPress Customer Reviews for WooCommerce plugin <= 5.97.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via media.href Parameter vulnerability discovered by type5afe in WordPress Plugin Customer Reviews for WooCommerce versions = 5.97.0...
CVE-2020-12132
Fifthplay S.A.M.I before 2019.3HP2 allows unauthenticated stored XSS via a POST request...
PT-2025-51810
The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying it in the WordPress admin dashboard. This...
CVE-2025-12499
CVE-2025-12499 affects the WordPress plugin Rich Shortcodes for Google Reviews (
EUVD-2019-4891
Malware in sbrugna...
EUVD-2021-11569
Malware in sbrugna...
EUVD-2017-8010
Malware in sbrugna...
EUVD-2021-11263
Malware in sbrugna...
EUVD-2020-13413
Malware in sbrugna...
EUVD-2019-7655
Malware in sbrugna...
EUVD-2025-16698
Malicious code in bioql PyPI...
EUVD-2021-34192
Malicious code in bioql PyPI...