Lucene search
K

227 matches found

NVD
NVD
added 3 days ago11 views

CVE-2026-12114

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS0.00212EPSS
Exploits0References8
CVE
CVE
added 3 days ago12 views

CVE-2026-12114

The CVE-2026-12114 entry concerns the WordPress plugin “Team Members – Multi Language Supported Team”. The vulnerability is a Stored Cross-Site Scripting flaw in admin settings present in all versions up to 8.7, caused by insufficient input sanitization and output escaping. It affects multisite i...

4.4CVSS5.9AI score0.00212EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 3 days ago12 views

CVE-2026-12114

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS5.9AI score0.00212EPSS
Exploits0References9
NVD
NVD
added 6 days ago10 views

CVE-2026-12399

The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS0.00246EPSS
Exploits0References12
CVE
CVE
added 2026/06/19 4:31 a.m.15 views

CVE-2026-12430

The CVE-2026-12430 entry concerns the Blocksy Companion WordPress plugin (

4.4CVSS5.9AI score0.00208EPSS
Exploits0References8
CVE
CVE
added 2026/06/18 5:34 a.m.29 views

CVE-2026-11358

The CVE concerns the Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress (versions up to 3.0.6). The vulnerability is a Stored Cross-Site Scripting flaw arising from insufficient input sanitization and output escaping in admin settings. It a...

4.4CVSS5.5AI score0.00203EPSS
Exploits0References6
NVD
NVD
added 2026/06/09 6:16 a.m.12 views

CVE-2026-8981

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...

3.5CVSS0.00138EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 6:0 a.m.8 views

CVE-2026-8981 Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...

5.7AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.8 views

CVE-2025-5085

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS5.6AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-3551

The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on multiple settings fields including 'User Mail...

4.4CVSS5.7AI score0.00361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2026-6800

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS5.6AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.7 views

CVE-2026-2288

The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linktitle' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access...

4.8CVSS5.6AI score0.0023EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 7:48 a.m.19 views

EUVD-2025-210029

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS6AI score0.00201EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:48 a.m.7 views

CVE-2025-5085

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS6AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45698

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS6AI score0.00201EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:27 a.m.11 views

CVE-2026-3348

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS6AI score0.00237EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 9:27 a.m.11 views

EUVD-2026-32174

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS6AI score0.00237EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 9:27 a.m.23 views

CVE-2026-3348

Summary: CVE-2026-3348 affects the MinhNhut Link Gateway WordPress plugin up to version 3.6.1. The issue is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping in plugin settings (Description, Title, and other fields). Exploitation requires authenticat...

4.4CVSS6AI score0.00237EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43633

The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS6AI score0.0023EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:26 a.m.9 views

CVE-2025-9989

The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS6AI score0.0019EPSS
Exploits0References3
Rows per page
Query Builder