Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.9 views

CVE-2026-6813

The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS5.6AI score0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/14 4:35 a.m.26 views

CVE-2026-2027 AMP Enhancer <= 1.0.49 - Authenticated (Administrator+) Stored Cross-Site Scripting via AMP Custom CSS Setting

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

4.4CVSS0.00202EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/17 6:42 a.m.22 views

CVE-2026-0691 CM E-Mail Blacklist <= 1.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'black_email' Parameter

The CM E-Mail Blacklist – Simple email filtering for safer registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blackemail' parameter in all versions up to, and including, 1.6.2. This is due to insufficient input sanitization and output escaping. This makes it...

4.4CVSS0.0026EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.4 views

PT-2026-2810

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS5.2AI score0.00208EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/07 8:21 a.m.2 views

CVE-2025-15000 Page Keys <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'page_key' Parameter

The Page Keys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagekey’ parameter in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, ...

4.4CVSS4.6AI score0.00189EPSS
Exploits0References2
Rows per page
Query Builder