
20128 matches found

NVD
added 2026/02/07 9:16 a.m. | 11 views

CVE-2026-1643

The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...

CVSS 6.1 | EPSS 0.00264
Exploits: 0 | References: 4

EUVD
added 2026/02/07 8:26 a.m. | 7 views

EUVD-2026-5737

The Wikiloops Track Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wikiloops shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5.6 | EPSS 0.0019
Exploits: 0 | References: 2

Cvelist
added 2026/02/07 8:26 a.m. | 25 views

CVE-2026-0555 Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint

The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the state parameter. Thi...

CVSS 6.4 | EPSS 0.00244
Exploits: 0 | References: 6

RedhatCVE
added 2026/02/07 7:22 a.m. | 5 views

CVE-2026-1401

The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 5.6 | EPSS 0.00235
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/07 5:52 a.m. | 4 views

CVE-2025-12159

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btbbrawcontent shortcode in all versions up to, and including, 5.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5.6 | EPSS 0.00205
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/07 5:52 a.m. | 3 views

CVE-2025-12159 Bold Page Builder <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btbbrawcontent shortcode in all versions up to, and including, 5.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5.7 | EPSS 0.00205
Exploits: 0 | References: 2

EUVD
added 2026/02/07 5:52 a.m. | 4 views

EUVD-2025-206895

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

CVSS 6.4 | AI score 5.6 | EPSS 0.00245
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/07 5:52 a.m. | 4 views

CVE-2025-12803

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'btbbtabs' shortcode in all versions up to, and including, 5.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.6 | EPSS 0.00245
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/07 12:0 a.m. | 7 views

PT-2026-6878

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bt bb tabs' shortcode in all versions up to, and including, 5.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 6.4 | AI score 5.7 | EPSS 0.00245
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/07 12:0 a.m. | 10 views

PT-2026-6893

Name of the Vulnerable Software and Affected Versions: Wonka Slide versions up to and including 1.3.3. Description: The Wonka Slide plugin for WordPress is susceptible to Stored Cross-Site Scripting through the list class shortcode. Insufficient input sanitization and output escaping on user-supplie...

CVSS 6.4 | AI score 5.7 | EPSS 0.0019
Exploits: 0 | References: 4

CNNVD
added 2026/02/07 12:0 a.m. | 7 views

WordPress plugin Wonka Slide cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 6.4 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/06 4:41 p.m. | 4 views

CVE-2019-25301 thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting

Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in addcommentsql.php to execute arbitrar...

CVSS 6.4 | AI score 5.4 | EPSS 0.00217
Exploits: 0 | References: 3

RedhatCVE
added 2026/02/06 1:30 p.m. | 7 views

CVE-2026-1654

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 5.6 | EPSS 0.00293
Exploits: 0 | References: 1

EUVD
added 2026/02/06 6:46 a.m. | 6 views

EUVD-2026-5615

The Docus – YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5.6 | EPSS 0.00235
Exploits: 0 | References: 4

GithubExploit
added 2026/02/06 5:13 a.m. | 162 views

Exploit for CVE-2025-66478

Vulnerable Mall Next.js Red/Blue Team Training Target Vul...

AI score 7
Exploits111

OSV
added 2026/02/06 1:15 a.m. | 6 views

CVE-2026-1971

A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wizWISP24gmanual of the file wizWISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public...

CVSS 4.8 | AI score 3.9 | EPSS 0.00223
Exploits: 1 | References: 4

CNNVD
added 2026/02/06 12:0 a.m. | 7 views

WordPress plugin Employee Directory cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.4 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 5

CVE
added 2026/02/05 9:13 a.m. | 20 views

CVE-2026-1654

The Peter’s Date Countdown plugin for WordPress (versions ≤ 2.0.0) is affected by a Reflected Cross‑Site Scripting flaw exposed via the PHP_SELF server parameter. This allows unauthenticated attackers to inject scripts into pages that run when a user is tricked into performing an action (e.g., cl...

CVSS 6.1 | AI score 5.6 | EPSS 0.00293
Exploits: 0 | References: 3

EUVD
added 2026/02/05 9:13 a.m. | 9 views

EUVD-2026-5549

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 5.6 | EPSS 0.00293
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/05 6:47 a.m. | 4 views

CVE-2026-1268 Dynamic Widget Content <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Content Field

The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...

CVSS 6.4 | AI score 5.6 | EPSS 0.00288
Exploits: 0 | References: 4