CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/02/14 6:42 a.m.•2 views

CVE-2026-0735 User Language Switch <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tabcolorpickerlanguageswitch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

Cvelist•added 2026/02/14 6:42 a.m.•32 views

CVE-2026-0735 User Language Switch <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter

4.4CVSS0.00039EPSS

CVE•added 2026/02/14 6:42 a.m.•20 views

CVE-2026-0735

CVE-2026-0735 corresponds to a vulnerability in WordPress Plugin User Language Switch (versions 1.6.10 or applying vendor-provided fixes. If other details (e.g., affected product/vendor, CVE scope) are necessary, they are not present in the supplied sources.

Cvelist•added 2026/02/14 6:42 a.m.•22 views

CVE-2025-15483 Link Hopper <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'hop_name' Parameter

4.4CVSS0.0004EPSS

Exploits0References2

ATTACKERKB•added 2026/02/14 6:42 a.m.•1 views

CVE-2026-0735

4.4CVSS5.6AI score0.00039EPSS

Vulnrichment•added 2026/02/14 6:42 a.m.•1 views

CVE-2026-0693 Allow HTML in Category Descriptions <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Category Descriptions

The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all versions up to, and including, 1.2.4. This is due to the plugin unconditionally removing the wpksesdata output filter for termdescription, linkdescription,...

ATTACKERKB•added 2026/02/14 6:42 a.m.•2 views

CVE-2026-0693

CVE•added 2026/02/14 4:35 a.m.•10 views

CVE-2026-2027

CVE-2026-2027 concerns the AMP Enhancer – Compatibility Layer for Official AMP Plugin (WordPress). Affected: AMP Enhancer, all versions up to and including 1.0.49. Root cause: insufficient input sanitization and output escaping on AMP Custom CSS attributes. Impact: Stored Cross-Site Scripting (XS...

4.4CVSS5.7AI score0.00042EPSS

ATTACKERKB•added 2026/02/14 4:35 a.m.•3 views

CVE-2026-2027

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

4.4CVSS6AI score0.00042EPSS

Exploits0References5

Vulnrichment•added 2026/02/14 4:35 a.m.•3 views

CVE-2026-2027 AMP Enhancer <= 1.0.49 - Authenticated (Administrator+) Stored Cross-Site Scripting via AMP Custom CSS Setting

4.4CVSS5.7AI score0.00042EPSS

Positive Technologies•added 2026/02/14 12:0 a.m.•5 views

PT-2026-8054

4.4CVSS5.7AI score0.00042EPSS

Exploits0References5

Positive Technologies•added 2026/02/14 12:0 a.m.•3 views

PT-2026-8065

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tab color picker language switch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5.6AI score0.00039EPSS