Lucene search
K

1416 matches found

Cvelist
Cvelist
added 2026/04/17 10:27 p.m.19 views

CVE-2026-2434 Pz-LinkCard <= 2.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00235EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/16 9:31 a.m.6 views

EUVD-2026-23209

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS5.9AI score0.00218EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/16 6:44 a.m.6 views

CVE-2026-3875

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS5.9AI score0.00218EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/16 6:44 a.m.3 views

CVE-2026-3875 BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS5.9AI score0.00218EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/16 6:44 a.m.37 views

CVE-2026-3875 BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS0.00218EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 6:44 a.m.10 views

CVE-2026-3875

The BetterDocs WordPress plugin is vulnerable to Stored Cross-Site Scripting via the betterdocs_feedback_form shortcode attributes in all versions up to 4.3.8. The root cause is insufficient input sanitization and output escaping on user-supplied shortcode attributes, allowing authenticated attac...

6.4CVSS5.9AI score0.00218EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/16 3:21 a.m.8 views

WordPress BetterDocs plugin <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BetterDocs versions = 4.3.8...

6.4CVSS5.8AI score0.00218EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/15 9:16 a.m.7 views

CVE-2026-3659

The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the circliful shortcode and via multiple shortcode attributes of the circlifuldirect shortcode in all versions up to and including 1.2. This is due to insufficient input...

6.4CVSS0.00322EPSS
Exploits0References9
CVE
CVE
added 2026/04/15 8:28 a.m.18 views

CVE-2026-3659

The CVE covers the WP Circliful WordPress plugin (versions up to 1.2). The issue is Stored Cross-Site Scripting via the [circliful] shortcode id attribute and via multiple attributes of [circliful_direct], caused by insufficient input sanitization and lack of escaping when concatenating user-supp...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/04/15 8:28 a.m.3 views

CVE-2026-3659 WP Circliful <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the circliful shortcode and via multiple shortcode attributes of the circlifuldirect shortcode in all versions up to and including 1.2. This is due to insufficient input...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/15 8:28 a.m.6 views

CVE-2026-3659

The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the circliful shortcode and via multiple shortcode attributes of the circlifuldirect shortcode in all versions up to and including 1.2. This is due to insufficient input...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.9 views

PT-2026-33022

The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the circliful shortcode and via multiple shortcode attributes of the circliful direct shortcode in all versions up to and including 1.2. This is due to insufficient input...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.12 views

WordPress plugin WP Circliful 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

WordPress plugin ShopLentor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00296EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/04/09 11:27 p.m.5 views

WordPress Download Manager plugin <= 3.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zaim in WordPress Plugin Download Manager versions = 3.3.52...

6.4CVSS5.9AI score0.00302EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/09 6:30 a.m.5 views

EUVD-2026-20837

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markername' and 'filecolorlist' shortcode attribute of the osmmapv3 shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and output escaping. This mak...

6.4CVSS6.1AI score0.00239EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

WordPress plugin OSM – OpenStreetMap 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References10
CVE
CVE
added 2026/04/08 8:23 a.m.5 views

CVE-2026-1396

The CVE-2026-1396 entry affects the WordPress plugin Magic Conversation For Gravity Forms. It reports a Stored Cross-Site Scripting vulnerability in the magic-conversation shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes. Affected versions are a...

6.4CVSS6.1AI score0.00236EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/08 6:43 a.m.21 views

CVE-2026-5506 Wavr <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wave shortcode in all versions up to, and including, 0.2.6. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS0.00188EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/08 6:43 a.m.19 views

CVE-2026-5508 WowPress <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wowpress shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00234EPSS
Exploits0References3
Rows per page
Query Builder