CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2 days ago•8 views

EUVD-2026-33893

6.4CVSS6AI score0.00029EPSS

Positive Technologies•added 2 days ago•5 views

PT-2026-45710

Name of the Vulnerable Software and Affected Versions DeMomentSomTres Shortcodes versions prior to 1.1.2 Description The DeMomentSomTres Shortcodes plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the st callout function fails to properly sanitize input and...

6.4CVSS6AI score0.00029EPSS

Exploits0References6

NVD•added 2026/05/27 7:16 a.m.•6 views

CVE-2026-8845

The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user-supplied 'width' and 'height' shortcode attributes within th...

6.4CVSS0.00032EPSS

Cvelist•added 2026/05/27 5:31 a.m.•24 views

CVE-2026-8845 Islamic Database <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00032EPSS

CVE•added 2026/05/27 5:31 a.m.•8 views

CVE-2026-8845

CVE-2026-8845 : The WordPress Islamic Database plugin (versions

EUVD•added 2026/05/27 5:31 a.m.•4 views

EUVD-2026-32081

EUVD•added 2026/05/27 5:31 a.m.•6 views

EUVD-2026-32078

The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'TUXQUOTE' shortcode in versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes 'title', 'align', and 'width' in the tuxquotebuildforma...

ATTACKERKB•added 2026/05/27 5:31 a.m.•4 views

CVE-2026-8891

The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes 'width' and 'height' in the...

6AI score0.00034EPSS

Exploits0References1

CVE•added 2026/05/27 5:31 a.m.•8 views

CVE-2026-8698

The CVE-2026-8698 affects the WordPress plugin Cryptocurrency Prijsvergelijking Widget (version 1.0). Root cause: insufficient output escaping in as_get_coin_shortcode(), which renders the 'width' (and 'height') shortcode attributes directly into the style attribute of an iframe without esc_attr(...

Cvelist•added 2026/05/27 5:31 a.m.•23 views

CVE-2026-8698 Cryptocurrency Prijsvergelijking Widget <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute

The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the asgetcoinshortcode function, which renders the 'width' and 'height' shortcode attribute directly into the style attribut...

6.4CVSS0.00032EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-43531

The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on the shortcode's 'width' and 'height' attributes in the athn thumbnai...

Patchstack•added 2026/04/01 2:31 a.m.•4 views

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute vulnerability

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin = 7.4.10 - Authenticated Contributor+ Stored Cross-Site Scripting via 'maxwidth' Shortcode Attribute vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Shortcodes Ultimate versions = 7.4.10...

6.4CVSS5.9AI score0.00039EPSS

Exploits0References1Affected Software1

CVE•added 2026/03/31 10:26 p.m.•8 views

CVE-2026-2480

CVE-2026-2480 affects the WordPress WP Shortcodes Plugin — Shortcodes Ultimate up to version 7.4.10. The vulnerability is a Stored Cross-Site Scripting (XSS) in the su_box shortcode via the max_width attribute, caused by insufficient input sanitization and output escaping on user-supplied attribu...

6.4CVSS6AI score0.00039EPSS

RedhatCVE•added 2026/03/26 3:10 p.m.•0 views

CVE-2026-1851

The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' shortcode attribute in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Patchstack•added 2026/03/23 7:19 p.m.•2 views

Exploits0References1

WordPress iVysilani Shortcode plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'width' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin iVysilani Shortcode versions = 3.0...

6.4CVSS5.8AI score0.00045EPSS

Exploits0References1Affected Software1

EUVD•added 2026/03/21 6:30 a.m.•2 views

EUVD-2026-14001

Vulnrichment•added 2026/03/21 3:26 a.m.•0 views

Exploits0References5

CVE-2026-1851 iVysilani Shortcode <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute

CVE•added 2026/03/21 3:26 a.m.•2 views

CVE-2026-1851

The CVE-2026-1851 entry relates to the iVysilani Shortcode plugin for WordPress. All versions up to and including 3.0 are vulnerable to Stored Cross‑Site Scripting via the width shortcode attribute due to insufficient input sanitization and output escaping. Authenticated attackers with Contributo...

ATTACKERKB•added 2026/03/21 3:26 a.m.•1 views

CVE-2026-1851