Lucene search
K

66 matches found

EUVD
EUVD
added 2026/07/03 7:53 a.m.8 views

EUVD-2026-41522

The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00215EPSS
Exploits0References8
NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-54889

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS0.0031EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/24 11:17 p.m.3 views

Improper Handling of Unexpected Data Type

Overview Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type via the Link::isAllowedUri function when processing Tiptap JSON containing an attrs.href field set to an array instead of a string. An attacker can cause persistent server-side crashes by...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 6:16 a.m.16 views

CVE-2026-11402

The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'link' Block Attribute in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00212EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 5:34 a.m.6 views

CVE-2026-11402

The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'link' Block Attribute in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.5AI score0.00212EPSS
Exploits0References5
CVE
CVE
added 2026/06/18 5:34 a.m.23 views

CVE-2026-11402

The CVE-2026-11402 entry concerns the WordPress plugin “Services Section Block – Showcase Service Details in Grid or Columns.” Affected component is the ‘link’ Block Attribute, with stored XSS in all versions up to 1.4.4 due to insufficient input sanitization and output escaping. The vulnerabilit...

6.4CVSS5.6AI score0.00212EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 5:34 a.m.14 views

EUVD-2026-37849

The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'link' Block Attribute in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.5AI score0.00212EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 5:34 a.m.30 views

CVE-2026-11402 Services Section Block <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Block Attribute

The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'link' Block Attribute in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00212EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 6:35 p.m.5 views

GHSA-52MM-H59V-F3C7 earmark: Stored XSS via unescaped HTML attribute values

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...

4.8CVSS5.1AI score0.00133EPSS
Exploits0References4
CVE
CVE
added 2026/06/17 4:42 p.m.14 views

CVE-2026-48591

CVE-2026-48591 describes a stored cross-site scripting vulnerability in the open-source earmark Markdown library used with Elixir. The issue arises from how Elixir.Earmark.Transform:_make_att1/2 splices attribute values directly between two literal quotes, causing attribute values to be emitted v...

4.8CVSS5AI score0.00133EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-9022

The Splide Carousel Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'url' Block Attribute in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS5.6AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.11 views

CVE-2026-6256

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:31 a.m.8 views

EUVD-2026-29403

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 9:16 a.m.16 views

CVE-2026-6256

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:48 a.m.8 views

CVE-2026-6256

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/12 7:48 a.m.39 views

CVE-2026-6256 Credits Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 7:48 a.m.14 views

CVE-2026-6256

CVE-2026-6256 affects the WordPress plugin Credits Shortcode (versions

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/12 7:48 a.m.7 views

CVE-2026-6256 Credits Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-39958

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.7 views

unhead 跨站脚本漏洞

unhead is a document header and template manager developed by UnJS. Versions of unhead prior to 2.1.11 contained a cross-site scripting vulnerability. This vulnerability stemmed from the link.href check being case-sensitive, which could allow attackers to inject arbitrary CSS for UI masking or da...

6.1CVSS5.8AI score0.00237EPSS
Exploits1References1
Rows per page
Query Builder