Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3476 matches found

ATTACKERKB
ATTACKERKBadded 2026/04/23 6:0 a.m.3 views

CVE-2026-4512

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptchajs function. This allows administrators on multisite installations who do not have the unfilteredhtml capability to injec...

5.9AI score0.002EPSS
Exploits0References1
CVE
CVEadded 2026/04/23 6:0 a.m.13 views

CVE-2026-4512

The CVE-2026-4512 entry concerns the WordPress plugin “reCaptcha by WebDesignBy” (before version 2.0). The root cause is the plugin’s Site Key setting not being sanitized/escaped before being output in a JavaScript string context via grecaptcha_js(), enabling stored XSS on multisite installations...

3.5CVSS5.9AI score0.002EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/23 12:0 a.m.5 views

PT-2026-34643

Name of the Vulnerable Software and Affected Versions reCaptcha by WebDesignBy WordPress plugin versions prior to 2.0 Description The plugin fails to sanitize or escape the Site Key setting before it is output within a JavaScript string context through the grecaptcha js function. This allows...

3.5CVSS6AI score0.002EPSS
Exploits0References4
EUVD
EUVDadded 2026/04/22 9:31 p.m.1 views

EUVD-2026-22776

The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00221EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/22 9:31 a.m.2 views

EUVD-2026-24638

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.0029EPSS
Exploits0References4
EUVD
EUVDadded 2026/04/22 9:31 a.m.4 views

EUVD-2026-24642

The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization no sanitize callback on registersetting and missing output escaping no escattr ...

4.4CVSS5.9AI score0.00373EPSS
Exploits0References10
EUVD
EUVDadded 2026/04/22 9:31 a.m.4 views

EUVD-2026-24635

The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

5.5CVSS5.8AI score0.00241EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/22 9:31 a.m.1 views

EUVD-2026-24636

The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.0029EPSS
Exploits0References4
EUVD
EUVDadded 2026/04/22 9:31 a.m.2 views

EUVD-2026-24634

The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS5.8AI score0.0029EPSS
Exploits0References4
NVD
NVDadded 2026/04/22 9:16 a.m.3 views

CVE-2026-3362

The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization no sanitize callback on registersetting and missing output escaping no escattr ...

4.4CVSS0.00373EPSS
Exploits0References9
NVD
NVDadded 2026/04/22 9:16 a.m.2 views

CVE-2026-2714

The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.0029EPSS
Exploits0References3
NVD
NVDadded 2026/04/22 9:16 a.m.4 views

CVE-2026-1379

The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS0.0029EPSS
Exploits0References3
CVE
CVEadded 2026/04/22 7:45 a.m.5 views

CVE-2026-2719

Vulnerability summary: The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to 0.4.1 due to insufficient input sanitization and output escaping. Attack requirements: Authenticated attackers with Administrator-level ...

4.4CVSS5.8AI score0.0029EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/22 7:45 a.m.1 views

CVE-2026-2719 Private WP suite <= 0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Exceptions' Setting

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.0029EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/22 7:45 a.m.1 views

CVE-2026-2719

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.0029EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/04/22 7:45 a.m.28 views

CVE-2026-2719 Private WP suite <= 0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Exceptions' Setting

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.0029EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/22 7:45 a.m.3 views

CVE-2026-3362 Short Comment Filter <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Minimum Count' Setting

The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization no sanitize callback on registersetting and missing output escaping no escattr ...

4.4CVSS5.9AI score0.00373EPSS
Exploits0References9
CVE
CVEadded 2026/04/22 7:45 a.m.9 views

CVE-2026-3362

The CVE-2026-3362 entry affects the WordPress Short Comment Filter plugin (versions up to 2.2). The vulnerability is a Stored Cross-Site Scripting (Stored XSS) via the Minimum Count settings field. Root cause: insufficient input sanitization (no sanitize callback on register_setting) and missing ...

4.4CVSS5.9AI score0.00373EPSS
Exploits0References9
ATTACKERKB
ATTACKERKBadded 2026/04/22 7:45 a.m.3 views

CVE-2026-3362

The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization no sanitize callback on registersetting and missing output escaping no escattr ...

4.4CVSS5.9AI score0.00373EPSS
Exploits0References10
Vulnrichment
Vulnrichmentadded 2026/04/22 7:45 a.m.1 views

CVE-2026-2714 Institute Management <= 5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Enquiry Form Title' Setting

The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.0029EPSS
Exploits0References3
Rows per page
Query Builder