Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8961 matches found

CVE
CVEadded 2026/03/07 7:22 a.m.12 views

CVE-2026-1825

The CVE refers to CVE-2026-1825 for the WordPress Show YouTube video plugin (versions up to 1.1). The connected Wordfence report confirms a Stored Cross-Site Scripting vulnerability via the plugin’s shortcodes, exploitable by authenticated users with contributor-level access or higher. The descri...

6.4CVSS5.9AI score0.00191EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/03/07 7:22 a.m.4 views

CVE-2026-1825

The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'syv' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00191EPSS
Exploits0References4
CVE
CVEadded 2026/03/07 7:22 a.m.13 views

CVE-2026-1823

CVE-2026-1823 (Consensus Embed plugin, WordPress) is a stored XSS vulnerability affecting all versions up to 1.6, caused by insufficient input sanitization and output escaping on attributes used by the plugin’s consensus shortcode. The CVE description specifies that exploitation requires authenti...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/03/07 7:22 a.m.3 views

CVE-2026-1823 Consensus Embed <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute

The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/07 7:22 a.m.29 views

CVE-2026-1823 Consensus Embed <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute

The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00193EPSS
Exploits0References5
CVE
CVEadded 2026/03/07 7:22 a.m.12 views

CVE-2026-1805

CVE-2026-1805 concerns the DA Media GigList WordPress plugin. It is vulnerable to Stored Cross‑Site Scripting via the plugin’s shortcodes (damedia_giglist) in all versions up to and including 1.9.0 due to insufficient input sanitization and output escaping on user‑supplied attributes. Authenticat...

6.4CVSS5.9AI score0.00197EPSS
Exploits0References5
CVE
CVEadded 2026/03/07 7:22 a.m.12 views

CVE-2026-1574

CVE-2026-1574 concerns the WordPress plugin MyQtip – easy qTip2. Wordfence and CVE records describe a Stored Cross-Site Scripting flaw via the plugin’s myqtip shortcode in all versions up to and including 2.0.5. The vulnerability requires authentication at contributor level or higher and allows i...

6.4CVSS5.9AI score0.00159EPSS
Exploits0References2
CVE
CVEadded 2026/03/07 7:22 a.m.9 views

CVE-2026-1820

The CVE CVE-2026-1820 concerns the WordPress plugin Media Library Alt Text Editor, vulnerable to an authenticated Stored Cross-Site Scripting (XSS) via shortcode attributes (notably post_id and bvmalt_sc_div_update_alt_text) in versions up to 1.0.0. The issue arises from insufficient input saniti...

6.4CVSS5.9AI score0.00159EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/07 7:22 a.m.32 views

CVE-2026-1820 Media Library Alt Text Editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmaltscdivupdatealttext' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS0.00159EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/07 7:22 a.m.33 views

CVE-2026-1574 MyQtip – easy qTip2 <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's myqtip shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00159EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/03/07 7:22 a.m.3 views

CVE-2026-1805

The DA Media GigList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's damediagiglist shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.9AI score0.00197EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/03/07 7:22 a.m.3 views

CVE-2026-1574 MyQtip – easy qTip2 <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's myqtip shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00159EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/07 7:22 a.m.27 views

CVE-2026-1569 Wueen <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode

The Wueen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wueen-blocket shortcode in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00159EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/03/07 7:22 a.m.3 views

CVE-2026-1569

The Wueen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wueen-blocket shortcode in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00159EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/03/07 7:22 a.m.2 views

CVE-2026-1569 Wueen <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode

The Wueen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wueen-blocket shortcode in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00159EPSS
Exploits0References2
CVE
CVEadded 2026/03/07 7:22 a.m.15 views

CVE-2026-1569

CVE-2026-1569 describes a stored XSS in the WordPress plugin Wueen (versions

6.4CVSS5.9AI score0.00159EPSS
Exploits0References2
EUVD
EUVDadded 2026/03/07 3:30 a.m.4 views

EUVD-2026-10098

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...

7.5CVSS6AI score0.00418EPSS
Exploits0References7
Patchstack
Patchstackadded 2026/03/07 2:22 a.m.4 views

WordPress Infomaniak Connect for OpenID plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Infomaniak Connect for OpenID versions = 1.0.2...

6.4CVSS5.8AI score0.00191EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2026/03/07 2:16 a.m.3 views

CVE-2026-2020

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...

7.5CVSS0.00418EPSS
Exploits0References6
Patchstack
Patchstackadded 2026/03/07 2:16 a.m.3 views

WordPress Show YouTube video plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Show YouTube video versions = 1.1...

6.4CVSS5.8AI score0.00191EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder