Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Positive Technologies
Positive Technologiesadded 2026/06/12 12:0 a.m.16 views

PT-2026-48818

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link url' parameter of the presto player overlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References11
Vulnrichment
Vulnrichmentadded 2026/02/14 6:42 a.m.4 views

CVE-2026-1985 Press3D <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing javascript:...

6.4CVSS5.7AI score0.00279EPSS
Exploits0References5
CVE
CVEadded 2026/02/14 6:42 a.m.17 views

CVE-2026-1985

CVE-2026-1985 pertains to the WordPress Press3D plugin up to version 1.0.2, where a vulnerability in the 3D Model Gutenberg block allows Stored Cross-Site Scripting via the link URL parameter. The root cause is inadequate sanitization/validation of the URL scheme when storing model block URLs, en...

6.4CVSS5.8AI score0.00279EPSS
Exploits0References5
Patchstack
Patchstackadded 2026/02/13 11:20 p.m.7 views

WordPress Press3D plugin <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability discovered by WordFence in WordPress Plugin Press3D versions = 1.0.2...

6.4CVSS5.4AI score0.00279EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVEadded 2025/05/23 8:21 a.m.3 views

CVE-2024-1074

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'linkurl' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS4.9AI score0.00532EPSS
Exploits0References1
Hacker One
Hacker Oneadded 2025/05/09 2:8 p.m.5 views

U.S. Dept Of Defense: Cross-Site Scripting via 'return_link_url' parameter

A Cross-Site Scripting XSS vulnerability was discovered on a website. The vulnerability was found in the 'returnlinkurl' parameter, which allowed an attacker to inject malicious scripts that could be executed. Exploitation of this vulnerability could have led to consequences such as cookie theft...

5.8AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2024/03/13 12:0 a.m.3 views

PT-2024-16503 · WordPress · The Beaver Builder

Name of the Vulnerable Software and Affected Versions: The Beaver Builder – WordPress Page Builder plugin for WordPress versions up to, and including, 2.7.4.2 Description: The issue is related to Stored Cross-Site Scripting via the link url parameter in the audio widget, caused by insufficient...

6.4CVSS8AI score0.00532EPSS
Exploits0References7
Rows per page
Query Builder