115 matches found
CVE-2026-42643
The CVE concerns the StellarWP WordPress Image Widget (image-widget) plugin, affected up to version 4.4.11. Root cause: improper neutralization of input during web page generation, leading to a Stored Cross-Site Scripting (XSS) vulnerability. Impact, per the provided data, is an XSS condition wit...
CVE-2026-42643 WordPress Image Widget plugin <= 4.4.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StellarWP Image Widget image-widget allows Stored XSS.This issue affects Image Widget: from n/a through = 4.4.11...
CVE-2026-5425 Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feeddata' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-1792
The Geo Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL path in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
CVE-2026-1987 Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...
CVE-2026-1792
The Geo Widget WordPress plugin (up to version 1.0) is vulnerable to Stored Cross-Site Scripting via the URL path due to insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary web scripts on pages viewed by users, leading to potential user-side code ex...
PT-2026-8075
The Geo Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL path in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
WordPress Buttons Shortcode and Widget plugin <= 1.16 - Stored XSS via shortcode vulnerability
Stored XSS via shortcode vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Buttons Shortcode and Widget versions = 1.16...
CVE-2018-25132
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...
CVE-2018-25132 MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...
PT-2026-4502
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...
CVE-2023-25474
Cross-Site Request Forgery CSRF vulnerability in Csaba Kissi About Me 3000 widget plugin = 2.2.6 versions...
EUVD-2025-202967
The Divelogs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'latestdive' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2016-1982
Malware in sbrugna...
EUVD-2023-44036
Malicious code in bioql PyPI...
EUVD-2023-50336
Malicious code in bioql PyPI...
EUVD-2023-27917
Malicious code in bioql PyPI...
EUVD-2023-29423
Malicious code in bioql PyPI...
WordPress Wp tabber widget Plugin <= 4.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Peter Thaleikis in WordPress Plugin Wp tabber widget versions = 4.0...
WordPress Toggles Shortcode and Widget plugin <= 1.14 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Toggles Shortcode and Widget versions = 1.14...