224043 matches found
CVE-2026-8904 FastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings Save
The FastPicker, an order picker and order management system oms for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the settingsPage function. This makes i...
CVE-2026-10553 jQuery Hover Footnotes <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...
CVE-2026-11603 Product Filter Widget for Elementor <= 1.0.6 - Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter
The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
EUVD-2026-35315
The FastPicker, an order picker and order management system oms for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the settingsPage function. This makes i...
EUVD-2026-35316
The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2026-8904 FastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings Save
The FastPicker, an order picker and order management system oms for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the settingsPage function. This makes i...
CVE-2026-10553
CVE-2026-10553 affects the WordPress plugin jquery-hover-footnotes (≤ 1.4) . The root cause is missing/incorrect nonce validation in the jqFootnotes_options_subpanel function, enabling unauthenticated actors to update the plugin’s settings. Updated option values (e.g., jqfoot_anchor_open, jqfoot_...
CVE-2026-11603 Product Filter Widget for Elementor <= 1.0.6 - Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter
The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
EUVD-2026-35314
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...
CVE-2026-10553 jQuery Hover Footnotes <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...
CVE-2026-10738 jQuery Hover Footnotes <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax)
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '...' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-10738
The CVE concerns the WordPress plugin jQuery Hover Footnotes, vulnerable in all versions up to 1.4. The root cause is insufficient input sanitization and output escaping in the Footnote Qualifier using a {{...}} syntax, enabling Stored XSS for authenticated users with author-level access and abov...
CVE-2026-8882 WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-8882
CVE-2026-8882 affects the WP ApplicantStack Jobs Display WordPress plugin (versions up to 1.1.1). The vulnerability is a Stored Cross-Site Scripting via Shortcode Attributes caused by insufficient input sanitization and output escaping, exploitable by authenticated users with contributor-level ac...
CVE-2026-8882 WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-8910 WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter
The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...
EUVD-2026-35313
The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...
CVE-2026-8910 WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter
The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...
CVE-2026-8910
The CVE refers to the WordPress plugin WP Emoticon Rating (versions
CVE-2026-8977 WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action
The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...