8961 matches found
CVE-2026-31916 WordPress Latest Post Shortcode plugin <= 14.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through = 14.2.1...
CVE-2026-31916 WordPress Latest Post Shortcode plugin <= 14.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through = 14.2.1...
CVE-2026-22191 Beghelli Sicuro24 SicuroWeb AngularJS Template Injection
Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by...
CVE-2026-22191 Beghelli Sicuro24 SicuroWeb AngularJS Template Injection
Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by...
CVE-2026-22191
Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by...
CVE-2026-22191
Beghelli Sicuro24 SicuroWeb is affected by an AngularJS 1.5.2-based template injection chain that can lead to arbitrary JavaScript execution in operator browser sessions. The root cause is improper handling of untrusted input in AngularJS template contexts, combined with an end-of-life AngularJS ...
PT-2026-25171
Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through = 14.2.1...
CVE-2026-3228
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nxsfbembed shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the snapFB post meta value. This makes it...
CVE-2026-2358
The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wpulikelikersbox shortcode template attribute in all versions up to, and including, 5.0.1. This is due to the use of htmlentitydecode on shortcode attributes without subsequent output sanitization, which...
EUVD-2026-11090
The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wpulikelikersbox shortcode template attribute in all versions up to, and including, 5.0.1. This is due to the use of htmlentitydecode on shortcode attributes without subsequent output sanitization, which...
CVE-2026-2358
CVE-2026-2358 concerns the WordPress plugin WP ULike (
CVE-2026-2358 WP ULike <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute
The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wpulikelikersbox shortcode template attribute in all versions up to, and including, 5.0.1. This is due to the use of htmlentitydecode on shortcode attributes without subsequent output sanitization, which...
CVE-2026-2358 WP ULike <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute
The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wpulikelikersbox shortcode template attribute in all versions up to, and including, 5.0.1. This is due to the use of htmlentitydecode on shortcode attributes without subsequent output sanitization, which...
PT-2026-24577
The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp ulike likers box shortcode template attribute in all versions up to, and including, 5.0.1. This is due to the use of html entity decode on shortcode attributes without subsequent output sanitization, which...
WordPress WP ULike plugin <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attribute vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin WP ULike versions = 5.0.1...
EUVD-2026-10484
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nxsfbembed shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the snapFB post meta value. This makes it...
CVE-2026-3228 NextScripts: Social Networks Auto-Poster <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nxsfbembed shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the snapFB post meta value. This makes it...
CVE-2026-3228
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nxsfbembed shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the snapFB post meta value. This makes it...
CVE-2026-3228 NextScripts: Social Networks Auto-Poster <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nxsfbembed shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the snapFB post meta value. This makes it...
PT-2026-24201
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nxs fbembed shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the snapFB post meta value. This makes it...