CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/02/14 6:42 a.m.•4 views

CVE-2026-1988

7.5CVSS5.9AI score0.00765EPSS

Exploits0References6

Vulnrichment•added 2026/02/14 6:42 a.m.•3 views

CVE-2026-1988 Flexi Product Slider and Grid for WooCommerce <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion via 'theme' Shortcode Attribute

7.5CVSS5.9AI score0.00765EPSS

CVE•added 2026/02/14 6:42 a.m.•15 views

CVE-2026-1988

CVE-2026-1988 : Local File Inclusion in the WordPress plugin Flexi Product Slider and Grid for WooCommerce (versions

7.5CVSS5.9AI score0.00765EPSS

Cvelist•added 2026/02/14 6:42 a.m.•25 views

CVE-2026-1915 Simple Plyr <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'poster' Shortcode Attribute

The Simple Plyr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'poster' parameter in the 'plyr' shortcode in all versions up to, and including, 0.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00219EPSS

ATTACKERKB•added 2026/02/14 6:42 a.m.•3 views

CVE-2026-1915

ATTACKERKB•added 2026/02/14 6:42 a.m.•2 views

CVE-2026-1187

The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00245EPSS

Vulnrichment•added 2026/02/14 6:42 a.m.•2 views

CVE-2026-1187 ZoomifyWP Free <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'filename' Shortcode Attribute

6.4CVSS5.7AI score0.00245EPSS

Vulnrichment•added 2026/02/14 6:42 a.m.•1 views

CVE-2026-1915 Simple Plyr <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'poster' Shortcode Attribute

CVE•added 2026/02/14 6:42 a.m.•12 views

CVE-2026-1187

CVE-2026-1187 : ZoomifyWP Free (WordPress plugin)

6.4CVSS5.8AI score0.00245EPSS

Vulnrichment•added 2026/02/14 6:42 a.m.•4 views

CVE-2026-1910 UpMenu <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute

The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lang' attribute of the 'upmenu-menu' shortcode in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.7AI score0.00237EPSS

CVE•added 2026/02/14 6:42 a.m.•11 views

CVE-2026-1910

CVE-2026-1910 refers to a stored cross-site scripting flaw in UpMenu – Online ordering for restaurants (WordPress) versions ≤ 3.1. The vulnerability arises from insufficient sanitization and output escaping of user-supplied attributes in the upmenu-menu shortcode lang attribute, enabling authenti...

6.4CVSS5.8AI score0.00237EPSS

CVE•added 2026/02/14 6:42 a.m.•16 views

CVE-2026-1096

CVE-2026-1096 affects the Best-wp-google-map WordPress plugin (versions

6.4CVSS5.7AI score0.00245EPSS

Vulnrichment•added 2026/02/14 6:42 a.m.•5 views

CVE-2026-0559 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stmlmscoursesgriddisplay' shortcode in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escaping o...

6.4CVSS5.8AI score0.00199EPSS

Cvelist•added 2026/02/14 6:42 a.m.•29 views

CVE-2026-1096 Best-wp-google-map <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute

The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'googlemapview' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible f...

6.4CVSS0.00245EPSS

CVE•added 2026/02/14 6:42 a.m.•15 views

CVE-2026-1905

CVE-2026-1905 : WordFence and Patchstack document a stored cross-site scripting vulnerability in the WordPress Sphere Manager plugin. The issue arises from insufficient input sanitization and output escaping in the width attribute of the show_sphere_image shortcode, affecting versions up to and i...

6.4CVSS5.7AI score0.00237EPSS

Cvelist•added 2026/02/14 6:42 a.m.•31 views

CVE-2026-0557 WP Data Access <= 5.5.63 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpda_app' Shortcode

The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdaapp' shortcode in all versions up to, and including, 5.5.63 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00219EPSS

ATTACKERKB•added 2026/02/14 6:42 a.m.•2 views

CVE-2026-0557

Vulnrichment•added 2026/02/14 6:42 a.m.•2 views

CVE-2026-0557 WP Data Access <= 5.5.63 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpda_app' Shortcode

Cvelist•added 2026/02/14 6:42 a.m.•26 views

CVE-2026-1939 Percent to Infograph <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Percent to Infograph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the percenttograph shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.0026EPSS