67 matches found

Cvelist
added 2026/05/12 7:48 a.m., 72 views

CVE-2026-6237 Quick Table <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.00187
Exploits: 0, References: 3

Patchstack
added 2026/05/04 2:06 p.m., 5 views

WordPress WP-Clippy plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin WP-Clippy versions <= 1.0.0...

CVSS 6.4, AI score 5.8, EPSS 0.00188
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/04/17 2:20 a.m., 5 views

WordPress CMS für Motorrad Werkstätten plugin <= 1.0.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Régis SENET - ORHUS in WordPress Plugin CMS für Motorrad Werkstätten versions <= 1.0.0...

CVSS 4.3, AI score 5.8, EPSS 0.00225
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/04/08 6:43 a.m., 3 views

CVE-2026-5508 WowPress <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wowpress shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4, AI score 6.1, EPSS 0.00234
Exploits: 0, References: 3

Vulnrichment
added 2026/03/25 3:21 p.m., 1 view

CVE-2026-2349 UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS). This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1...

AI score 5.8, EPSS 0.00149
Exploits: 0, References: 1

NVD
added 2026/03/05 6:16 a.m., 7 views

CVE-2026-28043

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Healer - Doctor, Clinic & Medical WordPress Theme healer allows PHP Local File Inclusion. This issue affects Healer - Doctor, Clinic & Medical WordPress Theme: from n/a...

CVSS 9.8, EPSS 0.00404
Exploits: 0, References: 1

Cvelist
added 2026/02/14 6:42 a.m., 34 views

CVE-2026-1795 Address Bar Ads <= 1.0.0 - Reflected Cross-Site Scripting

The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVSS 6.1, EPSS 0.00266
Exploits: 0, References: 3

Vulnrichment
added 2026/02/14 6:42 a.m., 3 views

CVE-2026-1795 Address Bar Ads <= 1.0.0 - Reflected Cross-Site Scripting

The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVSS 6.1, AI score 5.8, EPSS 0.00266
Exploits: 0, References: 3

ATTACKERKB
added 2026/02/14 6:42 a.m., 2 views

CVE-2026-1795

The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVSS 6.1, AI score 5.7, EPSS 0.00266
Exploits: 0, References: 4

Patchstack
added 2025/12/25 11:35 a.m., 5 views

WordPress CookieHint WP plugin <= 1.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CookieHint WP versions <= 1.0.0...

CVSS 7.5, AI score 6.7, EPSS 0.0028
Exploits: 0, Affected Software: 1

Patchstack
added 2025/11/11 1:18 a.m., 4 views

WordPress Progress Bar Blocks for Gutenberg plugin <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG vulnerability discovered by Peerapat Samatathanyakorn in WordPress Plugin Progress Bar Blocks for Gutenberg versions <= 1.0.0...

CVSS 5.4, AI score 5.5, EPSS 0.00142
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2025/10/03 8:07 p.m., 7 views

EUVD-2025-26900

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.00137
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-30524

Malicious code in bioql PyPI...

CVSS 5.9, AI score 6.5, EPSS 0.0021
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2024-35502

Malicious code in bioql PyPI...

CVSS 8.6, AI score 6.6, EPSS 0.00605
Exploits: 0, References: 1

Cvelist
added 2025/09/27 6:47 a.m., 13 views

CVE-2025-9944 Professional Contact Form <= 1.0.0 - Cross-Site Request Forgery to Test Email Sending

The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watchforcontactformsubmit function. This makes it possible for unauthenticated attackers to trigg...

CVSS 4.3, EPSS 0.00124
Exploits: 0, References: 2

NVD
added 2025/09/22 7:16 p.m., 2 views

CVE-2025-58661

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eZee Technosys eZee Online Hotel Booking Engine online-booking-engine allows Stored XSS. This issue affects eZee Online Hotel Booking Engine: from n/a through = 1.0.0...

CVSS 5.9, EPSS 0.0021
Exploits: 0, References: 1

Cvelist
added 2025/09/22 6:23 p.m., 9 views

CVE-2025-58646 WordPress Mobi2Go Plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in chtombleson Mobi2Go mobi2go allows Stored XSS. This issue affects Mobi2Go: from n/a through <= 1.0.0...

CVSS 5.9, EPSS 0.0021
Exploits: 0, References: 1

CVE
added 2025/09/22 6:23 p.m., 8 views

CVE-2025-58646

CVE-2025-58646 affects Mobi2Go (WordPress plugin). Reported as an Improper Neutralization of Input During Web Page Generation (Stored XSS) affecting Mobi2Go: from n/a through 1.0.0. Public details in the initial document indicate a Stored XSS vulnerability via insufficient input sanitization, wit...

CVSS 5.9, AI score 5.9, EPSS 0.0021
Exploits: 0, References: 1

NVD
added 2025/09/09 5:16 p.m., 6 views

CVE-2025-59008

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PressTigers ZIP Code Based Content Protection zip-code-based-content-protection allows SQL Injection. This issue affects ZIP Code Based Content Protection: from n/a through = 1.0.0...

CVSS 7.6, EPSS 0.00261
Exploits: 0, References: 1

NVD
added 2025/09/05 2:16 p.m., 13 views

CVE-2025-58878

Cross-Site Request Forgery (CSRF) vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery. This issue affects Woocommerce Gifts Product: from n/a through = 1.0.0...

CVSS 6.5, EPSS 0.00137
Exploits: 0, References: 1