Lucene search
K

2546 matches found

NVD
NVD
added 2026/07/03 2:16 a.m.8 views

CVE-2026-12731

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' Block Attributes in all versions up to, and including, 2.3.0 due to insufficient input sanitization and outpu...

6.4CVSS0.00206EPSS
Exploits0References5
CVE
CVE
added 2026/07/03 1:28 a.m.18 views

CVE-2026-12731

The CVE-2026-12731 entry concerns the weDocs WordPress plugin (Docs, Documentation, Wiki & AI Chatbot). Affected: all versions up to 2.3.0. Issue: Stored Cross-Site Scripting via the Block Attributes sectionTitleTag and articleTitleTag, caused by insufficient input sanitization and output escapin...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References5
CVE
CVE
added 2026/07/03 1:28 a.m.19 views

CVE-2026-12734

The weDocs WordPress plugin (Authenticated access level: Contributor+) is vulnerable to Stored XSS via the connectorWidth Block Attribute in all versions up to and including 2.3.0. The root cause is insufficient input sanitization and output escaping. Impact: injected scripts can execute when use...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 1:28 a.m.12 views

CVE-2026-12734

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'connectorWidth' Block Attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes i...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 1:28 a.m.36 views

CVE-2026-12734 weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'connectorWidth' Block Attribute

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'connectorWidth' Block Attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes i...

6.4CVSS0.00206EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55518

Name of the Vulnerable Software and Affected Versions GenerateBlocks versions prior to 2.2.2 Description The GenerateBlocks plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-lev...

6.4CVSS6.1AI score0.00215EPSS
Exploits0References13
Patchstack
Patchstack
added 2026/07/02 7:1 p.m.5 views

WordPress Ad Inserter – Ad Manager & AdSense Ads plugin <= 2.8.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Post Content Disclosure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary Post Content Disclosure vulnerability discovered by nightward in WordPress Plugin Ad Inserter versions = 2.8.16...

4.3CVSS5.9AI score0.00273EPSS
Exploits0References1Affected Software1
Wordfence Blog
Wordfence Blog
added 2026/07/02 6:34 p.m.13 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 22, 2026 to June 28, 2026)

Last week, there were 201 vulnerabilities disclosed in 171 WordPress Plugins and 9 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 112 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6.3AI score
Exploits0
EUVD
EUVD
added 2026/07/02 8:33 a.m.8 views

EUVD-2026-41268

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'aspectRatio' Attribute in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. Th...

6.4CVSS5.9AI score0.00274EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.42 views

CVE-2026-13252 RSS Aggregator by Feedzy <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aspectRatio' Attribute

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'aspectRatio' Attribute in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. Th...

6.4CVSS0.00274EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 6:16 a.m.10 views

CVE-2026-11592

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

4.3CVSS0.00272EPSS
Exploits0References12
EUVD
EUVD
added 2026/07/02 6:0 a.m.8 views

EUVD-2026-41254

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

2.7CVSS5.7AI score0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 5:35 a.m.16 views

CVE-2026-11592

The CVE-2026-11592 entry concerns the WordPress plugin Email Subscribers & Newsletters (formerly “Email Marketing, Post Notifications & Newsletter”). It describes an authorization bypass vulnerability affecting all versions up to and including 5.9.27. The root cause is that the plugin fails to ve...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References12
CVE
CVE
added 2026/07/01 9:32 a.m.12 views

CVE-2026-10095

CVE-2026-10095 affects the WP Photo Album Plus plugin for WordPress. The flaw is a Stored Cross-Site Scripting (XSS) via the subtext parameter in all versions up to and including 9.1.13.005, caused by insufficient input sanitization and output escaping. An authenticated attacker with contributor-...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/07/01 7:53 a.m.37 views

CVE-2026-13733 Download Manager <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'no_data_msg' Shortcode Attribute

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'nodatamsg' Shortcode Attribute in all versions up to, and including, 3.3.60 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00206EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 4:32 a.m.11 views

CVE-2026-12113

The WordPress plugin Appointment Booking Calendar (versions

4.3CVSS5.8AI score0.00228EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 4:32 a.m.14 views

CVE-2026-2387

The CVE-2026-2387 entry concerns the WordPress Event Organiser plugin (versions up to and including 3.12.9). The vulnerability is a Stored Cross-Site Scripting flaw in the eo_events shortcode: attacker-controlled no_events content is rendered in event list templates without output escaping, allow...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 4:32 a.m.31 views

CVE-2026-2387 Event Organiser <= 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via eo_events Shortcode

The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to the 'eoevents' shortcode accepting attacker-controlled 'noevents' content and rendering it in event list templates without output escaping. This makes...

6.4CVSS0.00156EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:32 a.m.7 views

EUVD-2026-40903

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 via the cpabcappointmentsfilterlist. This makes it possible for authenticated attackers, with contributor-level access and above, to extract customer...

4.3CVSS5.8AI score0.00228EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 3:43 a.m.13 views

CVE-2026-12135

The CVE-2026-12135 entry concerns the FV Flowplayer Video Player plugin for WordPress. Affected versions are all releases up to 7.5.51.7212, where a Stored Cross-Site Scripting vulnerability exists in the video_player shortcode align attribute due to insufficient input sanitization and output esc...

6.4CVSS5.9AI score0.00205EPSS
Exploits0References6
Rows per page
Query Builder