Lucene search
K

1416 matches found

EUVD
EUVD
added 2026/04/22 9:31 a.m.6 views

EUVD-2026-24654

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...

6.4CVSS5.9AI score0.00288EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/22 9:31 a.m.5 views

EUVD-2026-24646

The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to and including 1.0.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attribute...

6.4CVSS5.9AI score0.00378EPSS
Exploits0References14
NVD
NVD
added 2026/04/22 9:16 a.m.5 views

CVE-2026-4076

The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to and including 1.0.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attribute...

6.4CVSS0.00378EPSS
Exploits0References13
NVD
NVD
added 2026/04/22 9:16 a.m.8 views

CVE-2026-4074

The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Th...

6.4CVSS0.00378EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.28 views

CVE-2026-4074 Quran Live Multilanguage <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Th...

6.4CVSS0.00378EPSS
Exploits0References13
CVE
CVE
added 2026/04/22 7:45 a.m.14 views

CVE-2026-4074

CVE-2026-4074 affects the WordPress plugin Quran Live Multilanguage (versions up to 1.0.3). The issue is a Stored XSS via the shortcodes cheikh and lang due to insufficient sanitization and direct echo into JavaScript context inside [removed] blocks from quran_live_render()/Render_Quran_Live::ren...

6.4CVSS5.9AI score0.00378EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:45 a.m.4 views

CVE-2026-4074

The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Th...

6.4CVSS5.7AI score0.00378EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2026/04/22 7:45 a.m.3 views

CVE-2026-4074 Quran Live Multilanguage <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Th...

6.4CVSS5.9AI score0.00378EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2026/04/22 7:45 a.m.3 views

CVE-2026-4125 WPMK Block <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, in the...

6.4CVSS5.9AI score0.00288EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:45 a.m.4 views

CVE-2026-4076

The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to and including 1.0.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attribute...

6.4CVSS5.9AI score0.00378EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.27 views

CVE-2026-4082 ER Swiffy Insert <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the swiffy shortcode in all versions up to and including 1.0.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes 'n', 'w', 'h'. These attributes are...

6.4CVSS0.00288EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:45 a.m.3 views

CVE-2026-4082

The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the swiffy shortcode in all versions up to and including 1.0.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes 'n', 'w', 'h'. These attributes are...

6.4CVSS5.9AI score0.00288EPSS
Exploits0References6
CVE
CVE
added 2026/04/22 7:45 a.m.11 views

CVE-2026-4082

The CVE is for the WordPress plugin ER Swiffy Insert, affected in all versions up to 1.0.0. The vulnerability is a Stored Cross-Site Scripting flaw in the [swiffy] shortcode, caused by insufficient sanitization of user-supplied attributes (n, w, h) that are extracted and inserted into HTML output...

6.4CVSS5.9AI score0.00288EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34280

Name of the Vulnerable Software and Affected Versions ER Swiffy Insert versions prior to 1.0.1 Description The ER Swiffy Insert plugin for WordPress contains a Stored Cross-Site Scripting issue via the 'swiffy' shortcode. The problem arises from insufficient input sanitization and output escaping...

6.4CVSS6AI score0.00288EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34283

Name of the Vulnerable Software and Affected Versions Twittee Text Tweet versions prior to 1.0.9 Description Insufficient input sanitization and output escaping in the ttt twittee tweeter function allow authenticated attackers with Contributor-level access and above to inject arbitrary web script...

6.4CVSS5.9AI score0.00288EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34278

Name of the Vulnerable Software and Affected Versions Quran Live Multilanguage plugin for WordPress versions prior to 1.0.4 Description Stored Cross-Site Scripting is possible due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The quran live render...

6.4CVSS6AI score0.00378EPSS
Exploits0References16
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.8 views

WordPress plugin ER Swiffy Insert 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00288EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/19 11:18 p.m.5 views

WordPress Pz-LinkCard plugin <= 2.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Pz-LinkCard versions = 2.5.8.1...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/19 3:26 a.m.4 views

CVE-2026-0868

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References3
CVE
CVE
added 2026/04/17 10:27 p.m.15 views

CVE-2026-2434

The CVE-2026-2434 entry concerns the Pz-LinkCard WordPress plugin. A stored XSS vulnerability exists via the blogcard shortcode attributes in all versions up to and including 2.5.8.1, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at Cont...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References4
Rows per page
Query Builder