Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3456 matches found

CVE
CVEadded 2026/01/24 8:26 a.m.13 views

CVE-2026-1302

CVE-2026-1302 — Meta-box GalleryMeta (WordPress) is a stored cross-site scripting (XSS) vulnerability affecting versions up to 3.0.1 via admin/settings input, exploitable by authenticated users with Editor+ privileges. Impact is limited to multisite installs and sites where unfiltered_html is dis...

4.4CVSS5.7AI score0.00046EPSS
Exploits1References6
Vulnrichment
Vulnrichmentadded 2026/01/24 8:26 a.m.1 views

CVE-2026-1266 Postalicious <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The Postalicious plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.9AI score0.00072EPSS
Exploits0References9
CVE
CVEadded 2026/01/24 8:26 a.m.13 views

CVE-2026-1266

CVE-2026-1266 pertains to the WordPress plugin Postalicious, where versions up to and including 3.0.1 are vulnerable to an authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings. The flaw arises from insufficient input sanitization and output escaping, enabling an admin wi...

4.4CVSS5.7AI score0.00072EPSS
Exploits0References9
ATTACKERKB
ATTACKERKBadded 2026/01/24 8:26 a.m.1 views

CVE-2026-1266

The Postalicious plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.9AI score0.00072EPSS
Exploits0References10
NVD
NVDadded 2026/01/24 8:16 a.m.1 views

CVE-2026-1084

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00015EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/01/24 7:26 a.m.29 views

CVE-2026-1084 Cookie consent for developers <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00015EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/01/24 7:26 a.m.2 views

CVE-2026-1084 Cookie consent for developers <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00015EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/01/24 7:26 a.m.2 views

CVE-2026-1084

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00015EPSS
Exploits0References6
CVE
CVEadded 2026/01/24 7:26 a.m.14 views

CVE-2026-1084

CVE-2026-1084 concerns the WordPress plugin “Cookie consent for developers.” The vulnerability is a Stored Cross-Site Scripting (XSS) via multiple settings fields in all versions up to 1.7.1, caused by insufficient input sanitization and output escaping. Impact is limited to sites using multisite...

4.4CVSS5.7AI score0.00015EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/01/24 12:0 a.m.3 views

PT-2026-4597

The Postalicious plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.7AI score0.00072EPSS
Exploits0References10
Positive Technologies
Positive Technologiesadded 2026/01/24 12:0 a.m.3 views

PT-2026-4598

The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions a...

4.4CVSS5.7AI score0.00046EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2026/01/24 12:0 a.m.3 views

PT-2026-4582

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.7AI score0.00015EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/01/21 6:33 a.m.13 views

CVE-2026-1045

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.7AI score0.00039EPSS
Exploits0References1
NVD
NVDadded 2026/01/20 6:16 a.m.2 views

CVE-2026-1045

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS0.00039EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/01/20 5:30 a.m.1 views

CVE-2026-1045

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.5AI score0.00039EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/01/20 5:30 a.m.22 views

CVE-2026-1045 Viet contact <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS0.00039EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/01/20 5:30 a.m.2 views

CVE-2026-1045 Viet contact <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.7AI score0.00039EPSS
Exploits0References3
CVE
CVEadded 2026/01/20 5:30 a.m.16 views

CVE-2026-1045

CVE-2026-1045 : The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.3.2. The issue arises from insufficient input sanitization and output escaping, allowing an authenticated attacker with administrator-level permissions (an...

4.4CVSS5.7AI score0.00039EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/01/20 12:0 a.m.3 views

PT-2026-3538

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.7AI score0.00039EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/01/18 7:18 a.m.12 views

CVE-2026-0691

The CM E-Mail Blacklist – Simple email filtering for safer registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blackemail' parameter in all versions up to, and including, 1.6.2. This is due to insufficient input sanitization and output escaping. This makes it...

4.4CVSS5AI score0.00051EPSS
Exploits0References1
Rows per page
Query Builder