CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

RedhatCVE•added 2026/03/26 3:8 p.m.•2 views

CVE-2026-2121

The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addclass' parameter in all versions up to, and including, 1.8.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

4.4CVSS6AI score0.0005EPSS

Exploits0References1

Patchstack•added 2026/03/23 7:11 p.m.•2 views

WordPress Weaver Show Posts plugin <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability discovered by Muqsith Barru - TCC in WordPress Plugin Weaver Show Posts versions = 1.8.1...

4.4CVSS5.8AI score0.0005EPSS

Exploits0References1Affected Software1

EUVD•added 2026/03/21 6:30 a.m.•0 views

EUVD-2026-14151

4.4CVSS6AI score0.0005EPSS

Exploits0References7

NVD•added 2026/03/21 4:16 a.m.•0 views

CVE-2026-2121

4.4CVSS0.0005EPSS

Exploits0References6

CVE•added 2026/03/21 3:27 a.m.•4 views

CVE-2026-2121

The CVE-2026-2121 issue affects the Weaver Show Posts WordPress plugin (all versions up to 1.8.1). It permits Stored Cross-Site Scripting via the add_class parameter due to insufficient input sanitization and output escaping of user attributes. Authenticated attackers with Administrator-level acc...

4.4CVSS6AI score0.0005EPSS

Exploits0References6

Vulnrichment•added 2026/03/21 3:27 a.m.•1 views

CVE-2026-2121 Weaver Show Posts <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting

4.4CVSS6AI score0.0005EPSS

Exploits0References6

ATTACKERKB•added 2026/03/21 3:27 a.m.•0 views

CVE-2026-2121

4.4CVSS6AI score0.0005EPSS

Exploits0References7

Cvelist•added 2026/03/21 3:27 a.m.•27 views

CVE-2026-2121 Weaver Show Posts <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting

4.4CVSS0.0005EPSS

Exploits0References6

CNNVD•added 2026/03/21 12:0 a.m.•2 views

WordPress plugin Weaver Show Posts 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.4CVSS5.7AI score0.0005EPSS

Exploits0References6

Positive Technologies•added 2026/03/21 12:0 a.m.•1 views

PT-2026-26828

The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add class' parameter in all versions up to, and including, 1.8.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

4.4CVSS6AI score0.0005EPSS

Exploits0References7

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2023-23659

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00121EPSS

Exploits2References2

NVD•added 2023/06/09 6:15 a.m.•20 views

CVE-2023-1404

The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitra...

6.4CVSS5.9AI score0.00121EPSS

Exploits2References3

ATTACKERKB•added 2023/06/09 6:15 a.m.•1 views

CVE-2023-1404

6.4CVSS6.1AI score0.00121EPSS

Exploits2References3

OSV•added 2023/06/09 6:15 a.m.•0 views

CVE-2023-1404

5.4CVSS7.4AI score0.00121EPSS

Exploits2References2

Prion•added 2023/06/09 6:15 a.m.•14 views

Cross site scripting

4.9CVSS5AI score0.00121EPSS

Exploits2References2Affected Software1

CVE•added 2023/06/09 5:33 a.m.•48 views

CVE-2023-1404

The CVE-2023-1404 entry concerns the Weaver Show Posts plugin for WordPress (versions ≤ 1.6). It enables stored XSS by insufficient escaping of the profile display name, exploitable by authenticated users with contributor-level permissions and above. Wordfence documentation confirms two related W...

6.4CVSS5AI score0.00121EPSS

Exploits2References3Affected Software1

Vulnrichment•added 2023/06/09 5:33 a.m.•18 views

CVE-2023-1404 Weaver Show Posts <= 1.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name

6.4CVSS6.8AI score0.00121EPSS

Exploits2References3

Positive Technologies•added 2023/06/09 12:0 a.m.•6 views

PT-2023-16961 · WordPress · Weaver Show Posts Plugin

Name of the Vulnerable Software and Affected Versions: Weaver Show Posts Plugin for WordPress versions up to, and including, 1.6 Description: The issue is related to stored Cross-Site Scripting due to insufficient escaping of the profile display name. This allows authenticated attackers with...

6.4CVSS5.8AI score0.00121EPSS

Exploits2References4

CNNVD•added 2023/06/09 12:0 a.m.•8 views

WordPress Plugin Weaver Show Posts 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.4CVSS6.8AI score0.00121EPSS

Exploits2References3

Wordfence Blog•added 2023/04/18 1:51 p.m.•36 views

Hiding in Plain Sight: Cross-Site Scripting Vulnerabilities Patched in Weaver Products

On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical Cross-Site Scripting vulnerabilities in the Weaver Xtreme theme and the Weaver Show Posts plugin, which each have over 10,000 installations. The plugin developer responded...

8.9AI score0.00121EPSS

Exploits2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by