CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1404 matches found

ATTACKERKB•added 2026/04/22 7:45 a.m.•1 views

CVE-2026-4082

The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the swiffy shortcode in all versions up to and including 1.0.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes 'n', 'w', 'h'. These attributes are...

6.4CVSS5.9AI score0.00288EPSS

Exploits0References6

CNNVD•added 2026/04/22 12:0 a.m.•4 views

WordPress plugin ER Swiffy Insert 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00288EPSS

Exploits0References1

Positive Technologies•added 2026/04/22 12:0 a.m.•4 views

PT-2026-34280

Name of the Vulnerable Software and Affected Versions ER Swiffy Insert versions prior to 1.0.1 Description The ER Swiffy Insert plugin for WordPress contains a Stored Cross-Site Scripting issue via the 'swiffy' shortcode. The problem arises from insufficient input sanitization and output escaping...

6.4CVSS6AI score0.00288EPSS

Exploits0References8

Positive Technologies•added 2026/04/22 12:0 a.m.•2 views

PT-2026-34283

Name of the Vulnerable Software and Affected Versions Twittee Text Tweet versions prior to 1.0.9 Description Insufficient input sanitization and output escaping in the ttt twittee tweeter function allow authenticated attackers with Contributor-level access and above to inject arbitrary web script...

6.4CVSS5.9AI score0.00288EPSS

Exploits0References8

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

PT-2026-34278

Name of the Vulnerable Software and Affected Versions Quran Live Multilanguage plugin for WordPress versions prior to 1.0.4 Description Stored Cross-Site Scripting is possible due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The quran live render...

6.4CVSS6AI score0.00378EPSS

Exploits0References16

Patchstack•added 2026/04/19 11:18 p.m.•2 views

WordPress Pz-LinkCard plugin <= 2.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Pz-LinkCard versions = 2.5.8.1...

6.4CVSS5.8AI score0.00235EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/04/19 3:26 a.m.•0 views

CVE-2026-0868

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00194EPSS

Exploits0References3

Cvelist•added 2026/04/17 10:27 p.m.•17 views

CVE-2026-2434 Pz-LinkCard <= 2.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00235EPSS

Exploits0References4

CVE•added 2026/04/17 10:27 p.m.•10 views

CVE-2026-2434

The CVE-2026-2434 entry concerns the Pz-LinkCard WordPress plugin. A stored XSS vulnerability exists via the blogcard shortcode attributes in all versions up to and including 2.5.8.1, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at Cont...

6.4CVSS5.9AI score0.00235EPSS

Exploits0References4

EUVD•added 2026/04/16 9:31 a.m.•2 views

EUVD-2026-23209

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS5.9AI score0.00218EPSS

Exploits0References3

CVE•added 2026/04/16 6:44 a.m.•8 views

CVE-2026-3875

The BetterDocs WordPress plugin is vulnerable to Stored Cross-Site Scripting via the betterdocs_feedback_form shortcode attributes in all versions up to 4.3.8. The root cause is insufficient input sanitization and output escaping on user-supplied shortcode attributes, allowing authenticated attac...

6.4CVSS5.9AI score0.00218EPSS

Exploits0References2

Cvelist•added 2026/04/16 6:44 a.m.•31 views

CVE-2026-3875 BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00218EPSS

Exploits0References2

ATTACKERKB•added 2026/04/16 6:44 a.m.•3 views

CVE-2026-3875

6.4CVSS5.9AI score0.00218EPSS

Exploits0References3

Vulnrichment•added 2026/04/16 6:44 a.m.•1 views

CVE-2026-3875 BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS5.9AI score0.00218EPSS

Exploits0References2

Patchstack•added 2026/04/16 3:21 a.m.•5 views

WordPress BetterDocs plugin <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BetterDocs versions = 4.3.8...

6.4CVSS5.8AI score0.00218EPSS

Exploits0References1Affected Software1

NVD•added 2026/04/15 9:16 a.m.•4 views

CVE-2026-3659

The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the circliful shortcode and via multiple shortcode attributes of the circlifuldirect shortcode in all versions up to and including 1.2. This is due to insufficient input...

6.4CVSS0.00322EPSS

Exploits0References9

Vulnrichment•added 2026/04/15 8:28 a.m.•1 views

CVE-2026-3659 WP Circliful <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

6.4CVSS5.9AI score0.00322EPSS

Exploits0References9

ATTACKERKB•added 2026/04/15 8:28 a.m.•3 views

CVE-2026-3659

6.4CVSS5.9AI score0.00322EPSS

Exploits0References10

CVE•added 2026/04/15 8:28 a.m.•12 views

CVE-2026-3659

The CVE covers the WP Circliful WordPress plugin (versions up to 1.2). The issue is Stored Cross-Site Scripting via the [circliful] shortcode id attribute and via multiple attributes of [circliful_direct], caused by insufficient input sanitization and lack of escaping when concatenating user-supp...

6.4CVSS5.9AI score0.00322EPSS

Exploits0References9

Positive Technologies•added 2026/04/15 12:0 a.m.•3 views

PT-2026-33022

The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the circliful shortcode and via multiple shortcode attributes of the circliful direct shortcode in all versions up to and including 1.2. This is due to insufficient input...

6.4CVSS5.9AI score0.00322EPSS

Exploits0References11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by