Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3476 matches found

Cvelist
Cvelistadded 2026/02/14 6:42 a.m.22 views

CVE-2025-15483 Link Hopper <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'hop_name' Parameter

The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hopname’ parameter in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, ...

4.4CVSS0.00206EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/02/14 6:42 a.m.3 views

CVE-2025-15483

The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hopname’ parameter in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, ...

4.4CVSS5.7AI score0.00206EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/02/14 6:42 a.m.2 views

CVE-2026-0735 User Language Switch <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tabcolorpickerlanguageswitch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.7AI score0.00237EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/02/14 6:42 a.m.2 views

CVE-2026-0735

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tabcolorpickerlanguageswitch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.6AI score0.00237EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/02/14 6:42 a.m.3 views

CVE-2025-15483 Link Hopper <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'hop_name' Parameter

The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hopname’ parameter in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, ...

4.4CVSS5.7AI score0.00206EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/02/14 6:42 a.m.34 views

CVE-2026-0735 User Language Switch <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tabcolorpickerlanguageswitch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00237EPSS
Exploits0References3
CVE
CVEadded 2026/02/14 6:42 a.m.24 views

CVE-2026-0735

CVE-2026-0735 affects WordPress plugin User Language Switch (versions ≤ 1.6.10). The vulnerability is a Stored Cross‑Site Scripting flaw exposed via the tab_color_picker_language_switch parameter, arising from insufficient input sanitization and output escaping. It is exploitable by authenticated...

4.4CVSS5.7AI score0.00237EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/02/14 6:42 a.m.1 views

CVE-2026-0693 Allow HTML in Category Descriptions <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Category Descriptions

The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all versions up to, and including, 1.2.4. This is due to the plugin unconditionally removing the wpksesdata output filter for termdescription, linkdescription,...

4.4CVSS5.7AI score0.00237EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/02/14 6:42 a.m.4 views

CVE-2026-0693

The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all versions up to, and including, 1.2.4. This is due to the plugin unconditionally removing the wpksesdata output filter for termdescription, linkdescription,...

4.4CVSS5.7AI score0.00237EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/02/14 4:35 a.m.3 views

CVE-2026-2027

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

4.4CVSS6AI score0.00202EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/02/14 4:35 a.m.3 views

CVE-2026-2027 AMP Enhancer <= 1.0.49 - Authenticated (Administrator+) Stored Cross-Site Scripting via AMP Custom CSS Setting

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

4.4CVSS5.7AI score0.00202EPSS
Exploits0References4
CVE
CVEadded 2026/02/14 4:35 a.m.13 views

CVE-2026-2027

CVE-2026-2027 concerns the AMP Enhancer – Compatibility Layer for Official AMP Plugin (WordPress). Affected: AMP Enhancer, all versions up to and including 1.0.49. Root cause: insufficient input sanitization and output escaping on AMP Custom CSS attributes. Impact: Stored Cross-Site Scripting (XS...

4.4CVSS5.7AI score0.00202EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/02/14 12:0 a.m.5 views

PT-2026-8065

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tab color picker language switch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5.6AI score0.00237EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/02/14 12:0 a.m.7 views

PT-2026-8054

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

4.4CVSS5.7AI score0.00202EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/02/05 1:22 p.m.4 views

CVE-2026-0681

The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.5AI score0.0025EPSS
Exploits0References1
NVD
NVDadded 2026/02/04 9:15 a.m.7 views

CVE-2026-0681

The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.0025EPSS
Exploits0References3
CVE
CVEadded 2026/02/04 8:25 a.m.17 views

CVE-2026-0681

The CVE-2026-0681 entry concerns the WordPress plugin Extended Random Number Generator, affected versions up to 1.1. It is vulnerable to Stored Cross-Site Scripting via the plugin settings, caused by insufficient input sanitization and output escaping. Authenticated attackers with administrator-l...

4.4CVSS5.5AI score0.0025EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/02/04 8:25 a.m.30 views

CVE-2026-0681 Extended Random Number Generator <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.0025EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/02/04 8:25 a.m.5 views

CVE-2026-0681

The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.5AI score0.0025EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/02/04 8:25 a.m.3 views

CVE-2026-0681 Extended Random Number Generator <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.5AI score0.0025EPSS
Exploits0References3
Rows per page
Query Builder