Lucene search
K

377 matches found

Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.3 views

CVE-2026-0561 Shield Security <= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter

The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS5.8AI score0.00266EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 4:36 a.m.23 views

CVE-2026-0561

CVE-2026-0561 affects the Shield Security plugin for WordPress up to version 21.0.8. It enables unauthenticated, reflected Cross-Site Scripting via the 'message' parameter due to insufficient input sanitization and output escaping. The impact is described as injecting arbitrary web scripts on pag...

6.1CVSS5.8AI score0.00266EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WordPress plugin Shield Security 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.6AI score0.00266EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.9 views

PT-2026-20627

The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS5.8AI score0.00266EPSS
Exploits0References3
NVD
NVD
added 2026/02/18 5:16 a.m.5 views

CVE-2025-6460

The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00227EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/18 4:35 a.m.4 views

CVE-2025-6460

The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References4
CVE
CVE
added 2026/02/18 4:35 a.m.17 views

CVE-2025-6460

CVE-2025-6460 relates to the WordPress plugin Display During Conditional Shortcode. The vulnerability is a stored cross-site scripting (XSS) via the message parameter in all versions up to and including 1.2, enabling authenticated users with Contributor+ privileges to inject scripts that execute ...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/18 4:35 a.m.28 views

CVE-2025-6460 Display During Conditional Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter

The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00227EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/18 4:35 a.m.4 views

CVE-2025-6460 Display During Conditional Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter

The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-20258

Name of the Vulnerable Software and Affected Versions Display During Conditional Shortcode plugin for WordPress versions prior to 1.3 Description The software is susceptible to Stored Cross-Site Scripting through the message parameter. Insufficient input sanitization and output escaping allow...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/17 11:18 p.m.6 views

WordPress Display During Conditional Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via message Parameter vulnerability discovered by Gilang - DJ in WordPress Plugin Display During Conditional Shortcode versions = 1.2...

6.4CVSS5.5AI score0.00227EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.17 views

CVE-2026-1164

The Easy Voice Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

6.1CVSS5.7AI score0.00194EPSS
Exploits0References1
NVD
NVD
added 2026/02/14 5:16 a.m.14 views

CVE-2026-1164

The Easy Voice Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

6.1CVSS0.00194EPSS
Exploits0References4
CVE
CVE
added 2026/02/14 4:35 a.m.22 views

CVE-2026-1164

CVE-2026-1164 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Easy Voice Mail (versions up to and including 1.2.5). An authenticated attacker with at least Administrator-level access can inject arbitrary scripts via the message parameter, which are executed when user...

6.1CVSS5.7AI score0.00194EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/14 4:35 a.m.30 views

CVE-2026-1164 Easy Voice Mail <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting via 'message'

The Easy Voice Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

6.1CVSS0.00194EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/14 4:35 a.m.3 views

CVE-2026-1164 Easy Voice Mail <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting via 'message'

The Easy Voice Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

6.1CVSS5.7AI score0.00194EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.6 views

PT-2026-8049

The Easy Voice Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

6.1CVSS5.7AI score0.00194EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/13 12:0 a.m.5 views

CVE-2025-70954

A Null Pointer Dereference vulnerability exists in the TON Virtual Machine TVM within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a...

5.8AI score0.00554EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/04 8:25 a.m.7 views

CVE-2026-0743

The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.6AI score0.00264EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/04 8:25 a.m.3 views

CVE-2026-0743 WP Content Permission <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ohmem-message' Parameter

The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.6AI score0.00264EPSS
Exploits0References3
Rows per page
Query Builder