Lucene search
K

1416 matches found

Vulnrichment
Vulnrichment
added 2026/04/08 6:43 a.m.3 views

CVE-2026-5508 WowPress <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wowpress shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00234EPSS
Exploits0References3
NVD
NVD
added 2026/04/08 5:16 a.m.8 views

CVE-2026-3513

The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableonbutton' shortcode in all versions up to and including 1.0.4.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes...

6.4CVSS0.00264EPSS
Exploits0References6
CVE
CVE
added 2026/04/08 3:36 a.m.13 views

CVE-2026-3513

CVE-2026-3513 concerns the TableOn – WordPress Posts Table Filterable plugin (

6.4CVSS6.1AI score0.00264EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/08 3:36 a.m.17 views

CVE-2026-3513 TableOn – WordPress Posts Table Filterable <= 1.0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute

The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableonbutton' shortcode in all versions up to and including 1.0.4.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes...

6.4CVSS0.00264EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/08 3:36 a.m.7 views

CVE-2026-3513 TableOn – WordPress Posts Table Filterable <= 1.0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute

The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableonbutton' shortcode in all versions up to and including 1.0.4.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes...

6.4CVSS6.1AI score0.00264EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/04/08 3:29 a.m.7 views

WordPress Magic Conversation For Gravity Forms plugin <= 3.0.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zaim in WordPress Plugin Magic Conversation For Gravity Forms versions = 3.0.97...

6.4CVSS5.9AI score0.00236EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31101

The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' attributes of the scm member data shortcode in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.1AI score0.00181EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.8 views

PT-2026-31075

Name of the Vulnerable Software and Affected Versions TableOn – WordPress Posts Table Filterable plugin versions up to and including 1.0.4.4 Description The TableOn – WordPress Posts Table Filterable plugin is susceptible to Stored Cross-Site Scripting. This is due to insufficient input...

6.4CVSS5.9AI score0.00264EPSS
Exploits0References11
Patchstack
Patchstack
added 2026/04/07 11:50 p.m.5 views

WordPress Wavr plugin <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Wavr versions = 0.2.6...

6.4CVSS5.9AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/07 11:23 p.m.5 views

WordPress WowPress plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin WowPress versions = 1.0.0...

6.4CVSS5.9AI score0.00234EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.5 views

CVE-2026-4084

The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fyyd-podcast', 'fyyd-episode', and 'fyyd' shortcodes in all versions up to, and including, 0.3.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode...

6.4CVSS6AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-4086

The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wprandombutton' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on...

6.4CVSS6AI score0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 2:25 a.m.3 views

CVE-2026-4075 BWL Advanced FAQ Manager Lite <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sbox_id' Shortcode Attribute

The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bafsbox' shortcode in all versions up to and including 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'sboxid',...

6.4CVSS6AI score0.00204EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.6 views

WordPress plugin BWL Advanced FAQ Manager Lite 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.7AI score0.00204EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.3 views

PT-2026-28200

The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdc menu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' a...

6.4CVSS6AI score0.00239EPSS
Exploits0References11
Patchstack
Patchstack
added 2026/03/23 7:17 p.m.6 views

WordPress WP NG Weather plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP NG Weather versions = 1.0.9...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:16 p.m.6 views

WordPress Tour & Activity Operator Plugin for TourCMS plugin <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Tour & Activity Operator Plugin for TourCMS versions = 1.7.0...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:51 p.m.6 views

WordPress Ed's Font Awesome plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Ed's Font Awesome versions = 2.0...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:45 p.m.3 views

WordPress Ed's Social Share plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Ed's Social Share versions = 2.0...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:33 p.m.7 views

WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by san6051 - PWC in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder