Lucene search
K

1119 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-11898

The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS0.00246EPSS
Exploits0References10
CVE
CVE
added 2 days ago15 views

CVE-2026-11898

CVE-2026-11898 affects the White Label CMS WordPress plugin (all versions up to and including 2.7.12). It enables Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. Attack scenario: an authenticated attacker with administrator-level permissi...

4.4CVSS6.2AI score0.00246EPSS
Exploits0References10
NVD
NVD
added 3 days ago5 views

CVE-2026-15295

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.0019EPSS
Exploits0References2
NVD
NVD
added 3 days ago6 views

CVE-2026-12108

The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00208EPSS
Exploits0References8
CVE
CVE
added 3 days ago7 views

CVE-2026-12108

The CVE-2026-12108 entry concerns the WordPress Highlighting Code Block plugin. Affected: the Highlighting Code Block plugin for WordPress (versions up to 2.2.0). Vulnerability: Stored Cross-Site Scripting via admin settings caused by insufficient input sanitization and output escaping. Impact: a...

4.4CVSS6.2AI score0.00208EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-12108 Highlighting Code Block <= 2.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'font_family' Setting

The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00208EPSS
Exploits0References8
NVD
NVD
added 5 days ago8 views

CVE-2026-8650

Relative path traversal vulnerability in Progress MOVEit Transfer Admin Settings module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

7.5CVSS0.00365EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-8650 Authenticated Path Traversal allows MOVEit admins to view arbitrary system files

Relative path traversal vulnerability in Progress MOVEit Transfer Admin Settings module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

4.5CVSS0.00365EPSS
Exploits0References1
CVE
CVE
added 5 days ago11 views

CVE-2026-8650

Vulnerability: Relative path traversal in Progress MOVEit Transfer (Admin Settings module). Affected versions: MOVEit Transfer before 2025.0.7, and from 2025.1.0 before 2025.1.3. Impact (as described): Authenticated path traversal that can allow viewing arbitrary system files. Notes: The provided...

7.5CVSS5.9AI score0.00365EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42379

Relative path traversal vulnerability in Progress MOVEit Transfer Admin Settings module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

4.5CVSS5.9AI score0.00365EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-12041

The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00193EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-12041 Chatra Live Chat + ChatBot + Cart Saver <= 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'chatra-code' Setting

The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00193EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56571

Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions prior to 2025.0.7 MOVEit Transfer versions 2025.1.0 through 2025.1.2 Description A relative path traversal issue exists within the Admin Settings module. Path traversal is a flaw that allows an attacker to access files...

7.5CVSS6.1AI score0.00365EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 3:17 a.m.11 views

CVE-2026-12114

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS0.00212EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/30 2:30 a.m.14 views

CVE-2026-12114

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS5.9AI score0.00212EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.37 views

CVE-2026-12399 Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter

The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS0.00246EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:50 a.m.9 views

CVE-2026-12399

The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5.9AI score0.00246EPSS
Exploits0References13
EUVD
EUVD
added 2026/06/27 6:50 a.m.9 views

EUVD-2026-39959

The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5.9AI score0.00246EPSS
Exploits0References12
NVD
NVD
added 2026/06/19 6:17 a.m.13 views

CVE-2026-12430

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...

4.4CVSS0.00208EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.9 views

CVE-2026-12430

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...

4.4CVSS5.9AI score0.00208EPSS
Exploits0References9
Rows per page
Query Builder