Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8961 matches found

NVD
NVDadded 2026/02/18 5:16 a.m.4 views

CVE-2025-6460

The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00227EPSS
Exploits0References3
NVD
NVDadded 2026/02/18 5:16 a.m.4 views

CVE-2025-13959

The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00181EPSS
Exploits0References3
CVE
CVEadded 2026/02/18 4:35 a.m.14 views

CVE-2025-6460

CVE-2025-6460 relates to the WordPress plugin Display During Conditional Shortcode. The vulnerability is a stored cross-site scripting (XSS) via the message parameter in all versions up to and including 1.2, enabling authenticated users with Contributor+ privileges to inject scripts that execute ...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/02/18 4:35 a.m.27 views

CVE-2025-6460 Display During Conditional Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter

The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00227EPSS
Exploits0References3
CVE
CVEadded 2026/02/18 4:35 a.m.15 views

CVE-2025-13959

CVE-2025-13959 affects the Filestack plugin for WordPress. It enables Stored Cross-Site Scripting via the plugin’s filepicker shortcode attributes in all versions up to and including 2.0.8. Authenticated attackers with contributor-level access can inject scripts that execute when users view the a...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/02/18 4:35 a.m.25 views

CVE-2025-13959 Filestack <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00181EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/02/18 4:35 a.m.4 views

CVE-2025-13959

The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/02/18 4:35 a.m.4 views

CVE-2025-13959 Filestack <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
Patchstack
Patchstackadded 2026/02/18 12:43 a.m.6 views

WordPress Complianz | GDPR/CCPA Cookie Consent plugin <= 7.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Complianz versions = 7.4.3...

6.4CVSS5.5AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/02/18 12:37 a.m.7 views

WordPress SiteOrigin Widgets Bundle plugin <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by bashu - KCSC in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.70.4...

5.4CVSS5.5AI score0.00284EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/02/18 12:36 a.m.4 views

WordPress WP Event Aggregator plugin <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by WordFence in WordPress Plugin WP Event Aggregator versions = 1.8.7...

6.4CVSS5.5AI score0.0025EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/02/18 12:11 a.m.4 views

WordPress InteractiveCalculator for WordPress plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin InteractiveCalculator for WordPress versions = 1.0.3...

6.4CVSS5.5AI score0.00235EPSS
Exploits0References1Affected Software1
CNNVD
CNNVDadded 2026/02/18 12:0 a.m.5 views

WordPress plugin Display During Conditional Shortcode 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/02/18 12:0 a.m.3 views

PT-2026-20221

The Popup Box – Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS5.7AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/02/18 12:0 a.m.5 views

PT-2026-20365

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteorigin widget preview widget action function which is registered via the wp ajax so...

5.4CVSS6AI score0.00284EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/02/18 12:0 a.m.4 views

PT-2026-20282

The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirect to' parameter in all versions up to, and including, 3.3.46. This is due to insufficient input sanitization and output escaping on the 'redirect to' GET parameter in the login form shortcode...

6.1CVSS5.8AI score0.00264EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/02/18 12:0 a.m.7 views

PT-2026-20228

Name of the Vulnerable Software and Affected Versions Filestack plugin for WordPress versions prior to 2.0.9 Description The Filestack plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'filepicker' shortcode. Insufficient input sanitization and output escaping on...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/02/18 12:0 a.m.3 views

PT-2026-20364

The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp events' shortcode in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.0025EPSS
Exploits0References9
Positive Technologies
Positive Technologiesadded 2026/02/18 12:0 a.m.6 views

PT-2026-20422

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode check function within the Live Composer compatibility layer. This makes it possible for authenticated...

8.8CVSS6.1AI score0.0046EPSS
Exploits0References7
Patchstack
Patchstackadded 2026/02/17 11:23 p.m.6 views

WordPress Filestack plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Filestack versions = 2.0.8...

6.4CVSS5.5AI score0.00181EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder