CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1386 matches found

RedhatCVE•added 2026/03/26 3:7 p.m.•2 views

CVE-2026-4084

The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fyyd-podcast', 'fyyd-episode', and 'fyyd' shortcodes in all versions up to, and including, 0.3.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode...

6.4CVSS6AI score0.00062EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:6 p.m.•1 views

CVE-2026-4086

The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wprandombutton' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on...

6.4CVSS6AI score0.00048EPSS

Exploits0References1

Vulnrichment•added 2026/03/26 2:25 a.m.•2 views

CVE-2026-4075 BWL Advanced FAQ Manager Lite <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sbox_id' Shortcode Attribute

The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bafsbox' shortcode in all versions up to and including 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'sboxid',...

6.4CVSS6AI score0.00063EPSS

Exploits0References8

CNNVD•added 2026/03/26 12:0 a.m.•2 views

WordPress plugin BWL Advanced FAQ Manager Lite 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.7AI score0.00063EPSS

Exploits0References8

Positive Technologies•added 2026/03/26 12:0 a.m.•1 views

PT-2026-28200

The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdc menu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' a...

6.4CVSS6AI score0.00084EPSS

Exploits0References11

Patchstack•added 2026/03/23 7:17 p.m.•5 views

WordPress WP NG Weather plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP NG Weather versions = 1.0.9...

6.4CVSS5.8AI score0.00043EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/03/23 7:16 p.m.•4 views

WordPress Tour & Activity Operator Plugin for TourCMS plugin <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Tour & Activity Operator Plugin for TourCMS versions = 1.7.0...

6.4CVSS5.8AI score0.00043EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/03/23 6:51 p.m.•4 views

WordPress Ed's Font Awesome plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Ed's Font Awesome versions = 2.0...

6.4CVSS5.8AI score0.00045EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/03/23 6:45 p.m.•2 views

WordPress Ed's Social Share plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Ed's Social Share versions = 2.0...

6.4CVSS5.8AI score0.00045EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/03/23 6:33 p.m.•5 views

WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by san6051 - PWC in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...

6.4CVSS5.8AI score0.00043EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/03/23 6:3 p.m.•3 views

WordPress Integration with Hubspot Forms plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Integration with Hubspot Forms versions = 1.2.2...

6.4CVSS5.8AI score0.00043EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/03/23 6:1 p.m.•4 views

WordPress Simple Football Scoreboard plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Football Scoreboard versions = 1.0...

6.4CVSS5.8AI score0.00043EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/03/23 4:34 p.m.•2 views

WordPress WP Games Embed plugin <= 0.1beta - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin WP Games Embed versions = 0.1beta...

6.4CVSS5.8AI score0.00084EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/03/22 10:10 p.m.•3 views

WordPress Scoreboard for HTML5 Games Lite plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Scoreboard for HTML5 Games Lite versions = 1.2...

6.4CVSS5.8AI score0.00063EPSS

Exploits0References1Affected Software1

EUVD•added 2026/03/21 6:30 a.m.•3 views

EUVD-2026-14010

6.4CVSS6AI score0.00048EPSS

Exploits0References6

NVD•added 2026/03/21 4:17 a.m.•3 views

CVE-2026-4086

6.4CVSS0.00048EPSS

Exploits0References5

NVD•added 2026/03/21 4:17 a.m.•0 views

CVE-2026-4072

The WordPress PayPal Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'donate' shortcode in all versions up to, and including, 1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'amount', 'email'...

6.4CVSS0.00048EPSS

Exploits0References5

Cvelist•added 2026/03/21 3:27 a.m.•19 views

CVE-2026-2501 Ed's Social Share <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's socialshare shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00045EPSS

Exploits0References4

Vulnrichment•added 2026/03/21 3:26 a.m.•2 views

CVE-2026-1908 Integration with Hubspot Forms <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Integration with Hubspot Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hubspotform' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00043EPSS

Exploits0References3

Cvelist•added 2026/03/21 3:26 a.m.•30 views

CVE-2026-1908 Integration with Hubspot Forms <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00043EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by