
224641 matches found

EUVD
added 2026/06/02 7:48 a.m., 12 views

EUVD-2026-33891

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'newdomain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS: 6.1, AI score: 6, EPSS: 0.00208
Exploits: 0, References: 3

Vulnrichment
added 2026/06/02 7:48 a.m., 10 views

CVE-2026-2425 hiWeb Migration Simple <= 2.0.0.1 - Reflected Cross-Site Scripting via 'new_domain' Parameter

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'newdomain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS: 6.1, AI score: 6, EPSS: 0.00208
Exploits: 0, References: 3

ATTACKERKB
added 2026/06/02 7:48 a.m., 7 views

CVE-2026-8885

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

CVSS: 6.4, AI score: 6, EPSS: 0.00181
Exploits: 0, References: 4

Vulnrichment
added 2026/06/02 7:48 a.m., 8 views

CVE-2026-8885 DeMomentSomTres Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

CVSS: 6.4, AI score: 6, EPSS: 0.00181
Exploits: 0, References: 3

ATTACKERKB
added 2026/06/02 7:48 a.m., 8 views

CVE-2026-2425

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'newdomain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS: 6.1, AI score: 6, EPSS: 0.00208
Exploits: 0, References: 4

ATTACKERKB
added 2026/06/02 7:48 a.m., 9 views

CVE-2026-4080

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

CVSS: 6.4, AI score: 6, EPSS: 0.00243
Exploits: 0, References: 16

Cvelist
added 2026/06/02 7:48 a.m., 37 views

CVE-2026-4080 Easy Cart <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

CVSS: 6.4, EPSS: 0.00243
Exploits: 0, References: 15

Vulnrichment
added 2026/06/02 7:48 a.m., 9 views

CVE-2026-4080 Easy Cart <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

CVSS: 6.4, AI score: 6, EPSS: 0.00243
Exploits: 0, References: 15

EUVD
added 2026/06/02 7:48 a.m., 12 views

EUVD-2026-33892

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

CVSS: 6.4, AI score: 6, EPSS: 0.00243
Exploits: 0, References: 15

CVE
added 2026/06/02 7:48 a.m., 17 views

CVE-2026-4080

The CVE concerns the WordPress Easy Cart plugin (versions ≤ 1.8). The vulnerability is Stored Cross-Site Scripting via the add_to_cart shortcode attributes, due to insufficient input sanitization and output escaping in ectp_add_to_cart(). Specifically, sanitize_text_field() is applied to shortcod...

CVSS: 6.4, AI score: 6, EPSS: 0.00243
Exploits: 0, References: 15

CVE
added 2026/06/02 7:48 a.m., 17 views

CVE-2026-2425

The WordPress plugin hiWeb Migration Simple (WordPress) is affected by a Reflected Cross-Site Scripting (XSS) vulnerability via the new_domain parameter in all versions up to 2.0.0.1. Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated attackers can lure an ad...

CVSS: 6.1, AI score: 6, EPSS: 0.00208
Exploits: 0, References: 3

EUVD
added 2026/06/02 7:48 a.m., 11 views

EUVD-2025-210029

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS: 5.5, AI score: 6, EPSS: 0.00201
Exploits: 0, References: 4

Cvelist
added 2026/06/02 7:48 a.m., 39 views

CVE-2026-9723 Google Plus One Bottom <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...

CVSS: 4.3, EPSS: 0.00128
Exploits: 0, References: 4

ATTACKERKB
added 2026/06/02 7:48 a.m., 7 views

CVE-2026-9723

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00128
Exploits: 0, References: 5

EUVD
added 2026/06/02 7:48 a.m., 10 views

EUVD-2026-33890

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00128
Exploits: 0, References: 4

Cvelist
added 2026/06/02 7:48 a.m., 42 views

CVE-2025-5085 wp-nano-ad <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting via blogrole_link Parameter

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS: 5.5, EPSS: 0.00201
Exploits: 0, References: 4

Vulnrichment
added 2026/06/02 7:48 a.m., 10 views

CVE-2025-5085 wp-nano-ad <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting via blogrole_link Parameter

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS: 5.5, AI score: 6, EPSS: 0.00201
Exploits: 0, References: 4

CVE
added 2026/06/02 7:48 a.m., 13 views

CVE-2026-9723

CVE-2026-9723 affects the WordPress plugin Google Plus One Bottom (versions

CVSS: 4.3, AI score: 5.7, EPSS: 0.00128
Exploits: 0, References: 4

Vulnrichment
added 2026/06/02 7:48 a.m., 9 views

CVE-2026-9723 Google Plus One Bottom <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00128
Exploits: 0, References: 4

ATTACKERKB
added 2026/06/02 7:48 a.m., 7 views

CVE-2025-5085

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS: 5.5, AI score: 6, EPSS: 0.00201
Exploits: 0, References: 5