CVE-2026-8891

The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes 'width' and 'height' in the...

CVE-2026-8845

The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user-supplied 'width' and 'height' shortcode attributes within th...

CVE-2026-8698

The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the asgetcoinshortcode function, which renders the 'width' and 'height' shortcode attribute directly into the style attribut...

CVE-2026-4083 Scoreboard for HTML5 Games Lite <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Scoreboard for HTML5 Games Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'scoreboard' shortcode in all versions up to, and including, 1.2. The shortcode function sfhgshortcode allows arbitrary HTML attributes to be added to the rendered element, with only a...

PT-2026-26720

The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' cl map iframe' parameter in all versions up to, and including, 3.0.18. This is due to insufficient input sanitization and output escaping when handling the Google Maps iframe custom field. The...

PT-2026-26724

The Scoreboard for HTML5 Games Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'scoreboard' shortcode in all versions up to, and including, 1.2. The shortcode function sfhg shortcode allows arbitrary HTML attributes to be added to the rendered element, with only a...

Cross-site Scripting (XSS)

Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the createDOMPurify function, via comments embedded in XML noscript, xmp, noembed, noframes, and iframe attributes containing scripts. Details...

Cross-site Scripting (XSS)

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the createDOMPurify function, via comments embedded in XML noscript, xmp, noembed, noframes, and iframe attributes containing...

Silverware Games SilverwareGames.io 跨站脚本漏洞

Silverware Games SilverwareGames.io is an online gaming website from Silverware Games, Inc. Silverware Games SilverwareGames.io suffers from a cross-site scripting vulnerability that originates from allowing custom HTML attributes to be added to iframe tags...