Lucene search
K

10 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.9 views

CVE-2026-8866

The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'googleslides' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes userid, albumid, authkey, imgmax,...

6AI score0.00235EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/10 3:35 a.m.30 views

CVE-2026-2305 AddFunc Head & Footer Code <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields

The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the aFhfcheadcode, aFhfcbodycode, and aFhfcfootercode post meta values in all versions up to, and including, 2.3. This is due to the plugin outputting these meta values without any sanitization or...

6.4CVSS0.002EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.8 views

CVE-2026-1908

The Integration with Hubspot Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hubspotform' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-23604

Malicious code in bioql PyPI...

6.4CVSS4.5AI score0.00244EPSS
Exploits0References3
NVD
NVD
added 2025/08/19 8:15 a.m.7 views

CVE-2025-7654

Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wfgetcookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make...

8.8CVSS0.00572EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/25 2:29 a.m.8 views

CVE-2025-5753

The Valuation Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS6AI score0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.6 views

PT-2025-27072 · WordPress · Ninja Forms

Name of the Vulnerable Software and Affected Versions: Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.10.2.1 Description: The issue is related to Stored Cross-Site Scripting via the use of a templating engine due to insufficient...

6.4CVSS6.1AI score0.00198EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/23 10:38 a.m.20 views

CVE-2024-8282

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. Thi...

6.4CVSS5.8AI score0.00311EPSS
Exploits0References1
NVD
NVD
added 2025/05/01 5:15 a.m.13 views

CVE-2025-4099

The List Children plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listchildren' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00223EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/15 12:0 a.m.6 views

PT-2023-16302 · WordPress · F(X) Toc Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: fx TOC WordPress plugin versions 1.1.0 and earlier Description: The issue concerns the fx TOC WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting them in a page or post. This could...

5.4CVSS8.3AI score0.00462EPSS
Exploits1References4
Rows per page
Query Builder