CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 5 days ago•5 views

EUVD-2026-38692

5.4CVSS5.8AI score0.00133EPSS

CVE•added 5 days ago•8 views

CVE-2026-8865

CVE-2026-8865 affects the Avalon23 Products Filter for WooCommerce WordPress plugin (

6.4CVSS6AI score0.00193EPSS

Exploits0References4

Cvelist•added 5 days ago•32 views

CVE-2026-8865 Avalon23 Products Filter for WooCommerce <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Avalon23 Products Filter for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'avalon23qr' shortcode in all versions up to, and including, 1.1.6. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notab...

6.4CVSS0.00193EPSS

Exploits0References4

Positive Technologies•added 5 days ago•8 views

PT-2026-51666

Name of the Vulnerable Software and Affected Versions AI Share & Summarize versions prior to 2.0.4 Description Users with the Contributor role and above can perform Stored Cross-Site Scripting XSS attacks. This occurs because the plugin fails to sanitize and escape certain shortcode attributes,...

5.4CVSS5.8AI score0.00133EPSS

Exploits0References6

CVE•added 2026/06/18 6:50 a.m.•25 views

CVE-2026-12136

CVE-2026-12136 affects the WordPress plugin “Customize My Account for WooCommerce” up to version 4.3.6. The root cause is insufficient input sanitization and output escaping on shortcode attributes (min_height, min_width, max_height, max_width) used by sysbasics_user_avatar, which are concatenate...

6.4CVSS5.6AI score0.00193EPSS

Exploits0References5

NVD•added 2026/06/10 10:17 p.m.•10 views

CVE-2026-53742

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser...

5.4CVSS0.00141EPSS

Exploits0References2

Vulnrichment•added 2026/06/10 8:39 p.m.•8 views

CVE-2026-53742 Simple Link Directory through 9.0.4 Stored XSS via Embed Shortcode Attributes

5.4CVSS5.5AI score0.00141EPSS

Exploits0References2

RedhatCVE•added 2026/06/10 8:59 a.m.•10 views

CVE-2026-8883

The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes in the...

6.4CVSS5.7AI score0.00188EPSS

CNNVD•added 2026/06/10 12:0 a.m.•21 views

WordPress plugin Simple Link Directory 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.4CVSS5AI score0.00141EPSS

NVD•added 2026/06/09 5:16 a.m.•11 views

CVE-2026-8882

The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00181EPSS

Cvelist•added 2026/06/09 3:41 a.m.•32 views

CVE-2026-8895 kk blog card <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on the shortcode's 'href' and 'type' attributes, which are...

6.4CVSS0.00181EPSS

CVE•added 2026/06/09 3:41 a.m.•19 views

CVE-2026-8895

CVE-2026-8895 affects the WordPress plugin kk blog card up to version 1.3. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) in the plugin’s blog-card shortcode, caused by insufficient sanitization and output escaping of the shortcode’s href and type attributes. These values are con...

Vulnrichment•added 2026/06/09 3:41 a.m.•8 views

CVE-2026-8895 kk blog card <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

Cvelist•added 2026/06/09 3:41 a.m.•30 views

CVE-2026-8882 WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00181EPSS

Vulnrichment•added 2026/06/09 3:41 a.m.•10 views

CVE-2026-8882 WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

EUVD•added 2026/06/09 3:41 a.m.•9 views

EUVD-2026-35311

CVE•added 2026/06/09 3:41 a.m.•17 views

CVE-2026-8882

CVE-2026-8882 affects the WP ApplicantStack Jobs Display WordPress plugin (versions up to 1.1.1). The vulnerability is a Stored Cross-Site Scripting via Shortcode Attributes caused by insufficient input sanitization and output escaping, exploitable by authenticated users with contributor-level ac...

CVE•added 2026/06/09 3:41 a.m.•17 views

CVE-2026-8880

The RomanCart Ecommerce WordPress plugin (

6.4CVSS5.7AI score0.00192EPSS