242919 matches found
CVE-2026-3462 Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification
The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2026-12399 Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter
The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-3462 Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification
The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2026-12399 Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter
The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-9233 Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action
The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-9233 Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action
The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
EUVD-2026-39947
The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariffinfourl setting before outputting it in the frontend HTML via the generateshariff function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
CVE-2026-9677
The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariffinfourl setting before outputting it in the frontend HTML via the generateshariff function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
CVE-2026-9677 Shariff for WordPress <= 1.0.11 - Admin+ Stored Cross-Site Scripting
The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariffinfourl setting before outputting it in the frontend HTML via the generateshariff function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
CVE-2026-9677
The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariffinfourl setting before outputting it in the frontend HTML via the generateshariff function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
Exploit for Improper Access Control in Widgetfactorylimited Jce
MASTA CVE-2026-48907 Scanner Joomla! JCE 2.9.99.5 Unauthe...
testimonial-widgets-sqli-cve
CVE-2026-XXXXX Admin SQL Injection in Testimonial Widget...
boxmoe-dove-sqli-cve
CVE-2026-XXXXX Unauthenticated SQL Injection in Boxmoe Dov...
sakura-theme-sqli-cve
CVE-2026-XXXXX Unauthenticated SQL Injection in Sakura Wor...
CVE-2026-11356
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-11356 Ivory Search <= 5.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-11356
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-11356
The Ivory Search – WordPress Search Plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability in the settings fields menu_title and menu_magnifier_color, affecting all versions up to and including 5.5.15. The root cause is insufficient input sanitization and output escaping....
EUVD-2026-39931
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-53047
The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariff infourl setting before outputting it in the frontend HTML via the generateshariff function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...