CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/02/14 6:42 a.m.•3 views

CVE-2026-1939 Percent to Infograph <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Percent to Infograph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the percenttograph shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.0026EPSS

Cvelist•added 2026/02/14 6:42 a.m.•22 views

CVE-2026-1903 Ravelry Designs Widget <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute

The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sbravelrydesigns' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS0.00245EPSS

ATTACKERKB•added 2026/02/14 6:42 a.m.•1 views

CVE-2026-1903

6.4CVSS5.8AI score0.00245EPSS

Exploits0References5

CVE•added 2026/02/14 6:42 a.m.•18 views

CVE-2026-1903

CVE-2026-1903 concerns the WordPress plugin Ravelry Designs Widget (versions up to 1.0.0). The vulnerability is a stored XSS via the shortcode attribute sb_ravelry_designs layout. Exploitation requires authenticated access at contributor level or higher, and would cause arbitrary scripts to run w...

6.4CVSS5.8AI score0.00245EPSS

Cvelist•added 2026/02/14 6:42 a.m.•26 views

CVE-2026-1901 QuestionPro Surveys <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The QuestionPro Surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'questionpro' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00237EPSS

ATTACKERKB•added 2026/02/14 6:42 a.m.•4 views

CVE-2026-1901

6.4CVSS5.7AI score0.00237EPSS

Vulnrichment•added 2026/02/14 6:42 a.m.•2 views

CVE-2026-1901 QuestionPro Surveys <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS5.7AI score0.00237EPSS

CVE•added 2026/02/14 6:42 a.m.•15 views

CVE-2026-1901

CVE-2026-1901 relates to the WordPress plugin QuestionPro Surveys (versions

6.4CVSS5.8AI score0.00237EPSS

NVD•added 2026/02/14 5:16 a.m.•9 views

CVE-2026-1904

The Simple Wp colorfull Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'accordion' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00181EPSS

CVE•added 2026/02/14 4:35 a.m.•13 views

CVE-2026-1912

CVE-2026-1912 concerns the WordPress plugin Citations tools, affected in all versions up to 0.3.2. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) via the shortcodes/ctdoi code attribute, caused by insufficient input sanitization and output escaping on user-supplied attributes. Ex...

6.4CVSS5.8AI score0.00152EPSS

Vulnrichment•added 2026/02/14 4:35 a.m.•4 views

CVE-2026-1912 Citations tools <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00152EPSS

CVE•added 2026/02/14 4:35 a.m.•14 views

CVE-2026-1904

CVE-2026-1904 concerns the WordPress plugin Simple Wp colorfull Accordion (vulnerable through versions up to 1.0). The issue is a Stored Cross-Site Scripting (XSS) via the shortcodes’ title attribute in the accordion shortcode. Root cause: insufficient input sanitization and output escaping. Impa...

6.4CVSS5.7AI score0.00181EPSS

Cvelist•added 2026/02/14 4:35 a.m.•29 views

CVE-2026-1904 Simple Wp colorfull Accordion <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting via 'title' Shortcode Attribute

6.4CVSS0.00181EPSS

Vulnrichment•added 2026/02/14 4:35 a.m.•3 views

CVE-2026-1904 Simple Wp colorfull Accordion <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting via 'title' Shortcode Attribute

6.4CVSS5.7AI score0.00181EPSS

Positive Technologies•added 2026/02/14 12:0 a.m.•2 views

PT-2026-8071

The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00245EPSS

Exploits0References5

6.4CVSS5.7AI score0.00219EPSS

WordPress plugin WP Data Access 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.6AI score0.00199EPSS

WordPress plugin MasterStudy LMS WordPress Plugin – for Online Courses and Education 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

6.4CVSS5.6AI score0.00245EPSS

WordPress plugin ZoomifyWP Free 跨站脚本漏洞

6.4CVSS5.7AI score0.00245EPSS

WordPress plugin Best-wp-google-map 跨站脚本漏洞