8416 matches found
EUVD-2026-20034
The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...
CVE-2026-39314
A flaw was found in CUPS, an open-source printing system. An unprivileged local user can exploit an integer underflow vulnerability by providing a negative job-password-supported Internet Printing Protocol IPP attribute. This manipulation causes the cupsd root process to crash, which can be...
CVE-2026-4333
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skin' attribute of the learnpresscourses shortcode in all versions up to and including 4.3.3. This is due to insufficient input sanitization and output escaping on the 'skin' shortcode...
CVE-2026-3600
The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion' shortcode's 'maximum-num-years' attribute in all versions up to, and including, 1.0.26. This is due to insufficient input sanitization and output escaping on user-supplied...
CVE-2026-3600 Investi <= 1.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute
The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion' shortcode's 'maximum-num-years' attribute in all versions up to, and including, 1.0.26. This is due to insufficient input sanitization and output escaping on user-supplied...
CVE-2026-4379
The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...
CVE-2026-4333
Affected software: LearnPress – WordPress LMS Plugin (WordPress)
CVE-2026-4333 LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skin' attribute of the learnpresscourses shortcode in all versions up to and including 4.3.3. This is due to insufficient input sanitization and output escaping on the 'skin' shortcode...
WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'height' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'height' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Visitor Statistics Real Time Traffic versions = 8.4...
CVE-2026-4379
The CVE-2026-4379 entry describes a Stored Cross-Site Scripting vulnerability in the LightPress Lightbox WordPress plugin, affecting all versions up to 2.3.4. The issue arises from how the plugin appends the group attribute to the [gallery] shortcode output without proper escaping, enabling authe...
CVE-2026-4379 LightPress Lightbox <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute
The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...
CVE-2026-4379 LightPress Lightbox <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute
The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...
WordPress Sports Club Management plugin <= 1.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'before' Attribute vulnerability discovered by zaim in WordPress Plugin Sports Club Management versions = 1.12.9...
PT-2026-31080
Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions up to and including 4.3.3 Description The LearnPress – WordPress LMS Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'skin' attribute of the learn press courses shortcod...
PT-2026-31076
Name of the Vulnerable Software and Affected Versions Investi plugin for WordPress versions up to and including 1.0.26 Description The Investi plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'maximum-num-years' attribute of the 'investi-announcements-accordion'...
PT-2026-31097
The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the print clmns shortcode in all versions up to and including 1.0.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. The...
PT-2026-31317
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Google Maps iframe setting cMap field in compInfosPost sanitizes input using strip tags with an allowlist and regex-based removal of...
WordPress plugin LightPress Lightbox 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CI4MS 安全漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the improper storage and rendering of blacklist remark parameters into HTML attributes, potentially allowing...
PT-2026-31716
Name of the Vulnerable Software and Affected Versions LangChain versions prior to 0.3.84 and prior to 1.2.28 Description LangChain's f-string prompt-template validation was incomplete, allowing attribute access and indexing expressions in templates for DictPromptTemplate and ImagePromptTemplate...