CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2 matches found

CVE•added 2026/02/06 7:24 a.m.•10 views

CVE-2026-1279

The CVE-2026-1279 entry concerns the WordPress Employee Directory plugin (versions up to and including 1.2.1). It describes Stored Cross-Site Scripting via the form_title parameter in the search_employee_directory shortcode, caused by insufficient input sanitization and output escaping. Authentic...

6.4CVSS5.6AI score0.00017EPSS

Exploits0References5

Cvelist•added 2026/02/06 7:24 a.m.•24 views

CVE-2026-1279 Employee Directory <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute

The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formtitle' parameter in the searchemployeedirectory shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00017EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by