67 matches found
CVE-2026-6237 Quick Table <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute
The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress WP-Clippy plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin WP-Clippy versions <= 1.0.0...
WordPress CMS für Motorrad Werkstätten plugin <= 1.0.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Régis SENET - ORHUS in WordPress Plugin CMS für Motorrad Werkstätten versions <= 1.0.0...
CVE-2026-5508 WowPress <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wowpress shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-2349 UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS). This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1...
CVE-2026-28043
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Healer - Doctor, Clinic & Medical WordPress Theme healer allows PHP Local File Inclusion. This issue affects Healer - Doctor, Clinic & Medical WordPress Theme: from n/a...
CVE-2026-1795 Address Bar Ads <= 1.0.0 - Reflected Cross-Site Scripting
The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-1795
The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
WordPress CookieHint WP plugin <= 1.0.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CookieHint WP versions <= 1.0.0...
WordPress Progress Bar Blocks for Gutenberg plugin <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via SVG vulnerability discovered by Peerapat Samatathanyakorn in WordPress Plugin Progress Bar Blocks for Gutenberg versions <= 1.0.0...
EUVD-2025-26900
Malicious code in bioql PyPI...
EUVD-2025-30524
Malicious code in bioql PyPI...
EUVD-2024-35502
Malicious code in bioql PyPI...
CVE-2025-9944 Professional Contact Form <= 1.0.0 - Cross-Site Request Forgery to Test Email Sending
The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watchforcontactformsubmit function. This makes it possible for unauthenticated attackers to trigg...
CVE-2025-58661
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eZee Technosys eZee Online Hotel Booking Engine online-booking-engine allows Stored XSS. This issue affects eZee Online Hotel Booking Engine: from n/a through = 1.0.0...
CVE-2025-58646 WordPress Mobi2Go Plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in chtombleson Mobi2Go mobi2go allows Stored XSS. This issue affects Mobi2Go: from n/a through <= 1.0.0...
CVE-2025-58646
CVE-2025-58646 affects Mobi2Go (WordPress plugin). Reported as an Improper Neutralization of Input During Web Page Generation (Stored XSS) affecting Mobi2Go: from n/a through 1.0.0. Public details in the initial document indicate a Stored XSS vulnerability via insufficient input sanitization, wit...
CVE-2025-59008
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PressTigers ZIP Code Based Content Protection zip-code-based-content-protection allows SQL Injection. This issue affects ZIP Code Based Content Protection: from n/a through = 1.0.0...
CVE-2025-58878
Cross-Site Request Forgery (CSRF) vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery. This issue affects Woocommerce Gifts Product: from n/a through = 1.0.0...