Lucene search
K

6 matches found

NVD
NVD
added 2026/03/25 2:16 a.m.11 views

CVE-2026-4766

The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insufficient input sanitization and output escaping on user-supplied gallery shortcode values. This makes ...

6.4CVSS0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/14 6:42 a.m.32 views

CVE-2026-0736 Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field

The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS0.00255EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/14 6:42 a.m.3 views

CVE-2026-0736 Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field

The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS5.7AI score0.00255EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/14 6:42 a.m.8 views

CVE-2026-0736

The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS5.7AI score0.00255EPSS
Exploits0References6
CVE
CVE
added 2026/02/14 6:42 a.m.25 views

CVE-2026-0736

CVE-2026-0736 describes a stored cross-site scripting vulnerability in the WordPress plugin “Chatbot for WordPress by Collect.chat” for versions up to 2.4.8. The root cause is insufficient input sanitization and output escaping in the post meta field _inpost_head_script[synth_header_script]. Expl...

6.4CVSS5.7AI score0.00255EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2023/05/25 12:0 a.m.16 views

Google Map Shortcode <= 3.1.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC Note: The...

5.4CVSS8.3AI score0.00444EPSS
Exploits2Affected Software1
Rows per page
Query Builder