Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3465 matches found

OSV
OSVadded 2026/03/07 2:16 a.m.2 views

CVE-2026-2721

The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.8CVSS5.9AI score
Exploits0References8
NVD
NVDadded 2026/03/07 2:16 a.m.2 views

CVE-2026-2721

The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.8CVSS0.00033EPSS
Exploits0References8
Vulnrichment
Vulnrichmentadded 2026/03/07 1:21 a.m.2 views

CVE-2026-2722 Stock Ticker <= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS5.9AI score0.00029EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/07 1:21 a.m.3 views

CVE-2026-2722

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS5.9AI score0.00029EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/07 1:21 a.m.34 views

CVE-2026-2722 Stock Ticker <= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS0.00029EPSS
Exploits0References4
CVE
CVEadded 2026/03/07 1:21 a.m.8 views

CVE-2026-2722

The CVE-2026-2722 entry refers to the WordPress Stock Ticker plugin (versions up to and including 3.26.1) being vulnerable to Stored Cross-Site Scripting via admin settings/Templates, exploitable by authenticated administrators (and higher) on multi-site setups where unfiltered_html is disabled. ...

4.8CVSS5.9AI score0.00029EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/03/07 1:21 a.m.26 views

CVE-2026-2721 MailArchiver <= 4.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.8CVSS0.00033EPSS
Exploits0References8
Vulnrichment
Vulnrichmentadded 2026/03/07 1:21 a.m.1 views

CVE-2026-2721 MailArchiver <= 4.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.8CVSS5.9AI score0.00033EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/03/07 1:21 a.m.2 views

CVE-2026-2721

The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.8CVSS5.9AI score0.00033EPSS
Exploits0References9
Positive Technologies
Positive Technologiesadded 2026/03/07 12:0 a.m.5 views

PT-2026-23819

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS5.9AI score0.00029EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/03/07 12:0 a.m.3 views

PT-2026-23833

The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS5.9AI score0.00032EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/03/07 12:0 a.m.5 views

PT-2026-23818

The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.8CVSS5.9AI score0.00033EPSS
Exploits0References9
RedhatCVE
RedhatCVEadded 2026/03/05 1:57 a.m.3 views

CVE-2026-2289

The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS5.9AI score0.00011EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/05 1:57 a.m.3 views

CVE-2026-2292

The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5.9AI score0.0001EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/04 3:31 a.m.2 views

EUVD-2026-9354

The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5.9AI score0.0001EPSS
Exploits0References5
EUVD
EUVDadded 2026/03/04 3:31 a.m.3 views

EUVD-2026-9353

The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS5.9AI score0.00011EPSS
Exploits0References7
NVD
NVDadded 2026/03/04 2:15 a.m.3 views

CVE-2026-2292

The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.0001EPSS
Exploits0References4
NVD
NVDadded 2026/03/04 2:15 a.m.2 views

CVE-2026-2289

The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS0.00011EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/03/04 1:21 a.m.0 views

CVE-2026-2292

The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5.9AI score0.0001EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/04 1:21 a.m.30 views

CVE-2026-2292 Morkva UA Shipping <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field

The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.0001EPSS
Exploits0References4
Rows per page
Query Builder