8961 matches found
CVE-2026-1853
The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listsearch' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1885
The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-1893
The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1922
The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ecs-list-events shortcode message attribute in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-1885
The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-1826
The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the orderqrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2026-1827
The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1853
The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listsearch' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1804
The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1827
CVE-2026-1827 — The IDE Micro code-editor WordPress plugin (flask-micro) versions ≤ 1.0.0 is vulnerable to Stored Cross-Site Scripting via the codeflask shortcode, due to insufficient input sanitization and output escaping on the shortcode attributes (notably the title attribute). Impact: authent...
CVE-2026-1827 IDE Micro code-editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute
The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1827
The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1826 OpenPOS Lite <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the orderqrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2026-1826
CVE-2026-1826 affects the WordPress plugin OpenPOS Lite – Point of Sale for WooCommerce (versions up to 3.0). The issue is a Stored Cross-Site Scripting via the short code attribute width on the order_qrcode shortcode, caused by insufficient input sanitization and output escaping. Exploitation re...
CVE-2026-1809 HTML Shortcodes <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2026-1809
The CVE-2026-1809 entry concerns the WordPress HTML Shortcodes plugin (versions
CVE-2026-1853 BuddyHolis ListSearch <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute
The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listsearch' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1853
The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listsearch' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1853 BuddyHolis ListSearch <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute
The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listsearch' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1853
CVE-2026-1853 : The BuddyHolis ListSearch plugin for WordPress is vulnerable to a Stored Cross-Site Scripting (SXSS) via the plugin’s shortcodes. In versions up to and including 1.1, insufficient input sanitization and output escaping on user-supplied attributes enables an attacker with at least ...