Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

122 matches found

CVE
CVEadded 2026/03/21 3:26 a.m.7 views

CVE-2026-1647

CVE-2026-1647 affects the WordPress plugin Comment Genius prior to 1.2.6 (all versions up to and including 1.2.5). The root cause is insufficient input sanitization and output escaping for the Reflected Cross-Site Scripting vulnerability via the $_SERVER['PHP_SELF'] parameter. This enables unauth...

6.1CVSS6AI score0.00265EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/03/21 3:26 a.m.26 views

CVE-2026-1647 Comment Genius <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

6.1CVSS0.00265EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/02/07 8:26 a.m.29 views

CVE-2026-1634 Subitem AL Slider <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00264EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/02/07 8:26 a.m.6 views

CVE-2026-1634

The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00264EPSS
Exploits0References5
EUVD
EUVDadded 2026/02/07 8:26 a.m.5 views

EUVD-2026-5743

The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00264EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/02/05 9:13 a.m.33 views

CVE-2026-1654 Peter's Date Countdown <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00293EPSS
Exploits0References3
EUVD
EUVDadded 2026/02/05 9:13 a.m.8 views

EUVD-2026-5549

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00293EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/01/29 3:18 p.m.9 views

CVE-2026-1391

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...

5.3CVSS6AI score0.00253EPSS
Exploits0References1
NVD
NVDadded 2026/01/28 12:15 p.m.6 views

CVE-2026-1391

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...

5.3CVSS0.00253EPSS
Exploits0References3
EUVD
EUVDadded 2026/01/28 11:23 a.m.8 views

EUVD-2026-4923

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...

5.3CVSS6AI score0.00253EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/01/28 12:0 a.m.3 views

PT-2026-5096

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $ SERVER'PHP SELF' variable. This makes it possible for unauthenticated attackers to inject...

5.3CVSS6AI score0.00253EPSS
Exploits0References4
Patchstack
Patchstackadded 2026/01/26 6:55 a.m.6 views

WordPress JustClick registration plugin plugin <= 0.1 - Reflected Cross-Site Scripting via PHP_SELF vulnerability

Reflected Cross-Site Scripting via PHPSELF vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin JustClick registration plugin versions = 0.1...

6.1CVSS5.9AI score0.00255EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2026/01/24 12:0 a.m.5 views

PT-2026-4567

The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on the PHP SELF server variable. This makes it possible for unauthenticated attackers to...

6.1CVSS5.8AI score0.00255EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/01/24 12:0 a.m.5 views

WordPress plugin JustClick registration: cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS5.7AI score0.00255EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/01/13 10:53 p.m.7 views

CVE-2025-13701

The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS5.6AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/13 10:53 p.m.4 views

CVE-2025-13892

The MG AdvancedOptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00261EPSS
Exploits0References1
NVD
NVDadded 2026/01/09 12:15 p.m.6 views

CVE-2025-13892

The MG AdvancedOptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00261EPSS
Exploits0References3
NVD
NVDadded 2026/01/09 12:15 p.m.9 views

CVE-2025-13893

The Lesson Plan Book plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS0.00215EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/01/09 11:15 a.m.30 views

CVE-2025-13892 MG AdvancedOptions <= 1.2 - Reflected Cross-Site Scripting

The MG AdvancedOptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00261EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/01/09 11:15 a.m.5 views

CVE-2025-13893 Lesson Plan Book <= 1.3 - Reflected Cross-Site Scripting

The Lesson Plan Book plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS5.3AI score0.00215EPSS
Exploits0References4
Rows per page
Query Builder