Lucene search
K

8 matches found

EUVD
EUVD
added 2026/06/24 5:33 a.m.6 views

EUVD-2026-38684

The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...

6.4CVSS6AI score0.00207EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 5:34 a.m.30 views

CVE-2026-11784 Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization <= 4.2.6 - Cross-Site Request Forgery via 'optml_replace_file' AJAX Action

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replacefile function. This makes it...

4.3CVSS0.00157EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/04 9:30 a.m.4 views

EUVD-2026-18977

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sucarousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'suslidelink' attachment meta field...

6.4CVSS6.1AI score0.00346EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.6 views

CVE-2026-0609

The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt text in all versions up to, and including, 4.9.0 due to insufficient input sanitization and output escaping in the 'logo-slider' shortcode...

6.4CVSS6AI score0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/05 8:25 a.m.28 views

CVE-2026-1319 Robin Image Optimizer <= 2.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Alternative Text Field

The Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of a Media Library image in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output...

6.4CVSS0.00205EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/05 12:1 p.m.8 views

CVE-2025-12045

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category and tag 'name' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output...

6.4CVSS5AI score0.00199EPSS
Exploits0References1
NVD
NVD
added 2025/11/04 12:15 p.m.14 views

CVE-2025-12045

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category and tag 'name' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output...

6.4CVSS0.00199EPSS
Exploits0References5
OSV
OSV
added 2024/09/26 10:15 a.m.5 views

CVE-2024-9173

The GF Custom Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...

5.4CVSS5.9AI score0.00283EPSS
Exploits0References2
Rows per page
Query Builder