CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/03/21 12:0 a.m.•2 views

PT-2026-26800

The WPFAQBlock– FAQ & Accordion Plugin For Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'wpfaqblock' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS6AI score0.00243EPSS

Positive Technologies•added 2026/03/21 12:0 a.m.•3 views

PT-2026-26817

The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ng-weather' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6AI score0.00235EPSS

Exploits0References4

Positive Technologies•added 2026/03/21 12:0 a.m.•2 views

PT-2026-26823

The Any Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aps slider shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 'post type' attribute. This makes it possible for authenticated...

6.4CVSS6AI score0.00236EPSS

Positive Technologies•added 2026/03/21 12:0 a.m.•5 views

PT-2026-26812

The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's itemscope shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6AI score0.00156EPSS

Exploits0References3

CNNVD•added 2026/03/21 12:0 a.m.•8 views

WordPress plugin Scoreboard for HTML5 Games Lite 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.7AI score0.00206EPSS

5.6CVSS6.2AI score0.00268EPSS

WordPress plugin ARForms 代码注入漏洞

Exploits0References2

6.4CVSS5.7AI score0.00156EPSS

WordPress plugin Schema Shortcode 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Exploits0References2

6.4CVSS5.7AI score0.00201EPSS

WordPress plugin Paypal Shortcode 跨站脚本漏洞

Exploits0References7

6.4CVSS5.7AI score0.00193EPSS

WordPress plugin Sheets2Table 跨站脚本漏洞

CNNVD•added 2026/03/21 12:0 a.m.•3 views

WordPress plugin WP Games Embed 跨站脚本漏洞

6.4CVSS5.8AI score0.00235EPSS

Exploits0References9

CNNVD•added 2026/03/21 12:0 a.m.•2 views

WordPress plugin Ecover Builder For Dummies 跨站脚本漏洞

6.4CVSS5.8AI score0.00201EPSS

Exploits0References7

Positive Technologies•added 2026/03/21 12:0 a.m.•3 views

PT-2026-26862

The Sheets2Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titles' shortcode attribute in the sheets2table-render-table shortcode in all versions up to and including 0.4.1. This is due to insufficient input sanitization and output escaping. Specifically, the...

6.4CVSS6AI score0.00193EPSS

Exploits0References6

Positive Technologies•added 2026/03/21 12:0 a.m.•4 views

PT-2026-26839

The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eds font awesome shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00243EPSS

CNNVD•added 2026/03/21 12:0 a.m.•3 views

WordPress plugin WordPress PayPal Donation 跨站脚本漏洞

6.4CVSS5.8AI score0.00193EPSS

CNNVD•added 2026/03/21 12:0 a.m.•3 views

WordPress plugin iVysilani Shortcode 跨站脚本漏洞

6.4CVSS5.7AI score0.00243EPSS

Exploits0References4

Positive Technologies•added 2026/03/21 12:0 a.m.•3 views

PT-2026-26796

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

5.6CVSS6.2AI score0.00268EPSS

Exploits0References3

CVE•added 2026/03/20 11:25 p.m.•11 views

CVE-2026-4083

The CVE concerns the WordPress plugin Scoreboard for HTML5 Games Lite (up to version 1.2). The root cause is in the shortcode handling function sfhg_shortcode(), which allows arbitrary HTML attributes to be added to the rendered despite a small blacklist, because escaping is insufficient for eve...

6.4CVSS6AI score0.00206EPSS

Vulnrichment•added 2026/03/20 11:25 p.m.•2 views

CVE-2026-4083 Scoreboard for HTML5 Games Lite <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Scoreboard for HTML5 Games Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'scoreboard' shortcode in all versions up to, and including, 1.2. The shortcode function sfhgshortcode allows arbitrary HTML attributes to be added to the rendered element, with only a...

6.4CVSS6AI score0.00206EPSS

Cvelist•added 2026/03/20 11:25 p.m.•30 views

CVE-2026-4083 Scoreboard for HTML5 Games Lite <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00206EPSS