CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Patchstack•added 2026/02/06 11:29 p.m.•6 views

WordPress Wonka Slide plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Wonka Slide versions = 1.3.3...

6.4CVSS5.3AI score0.0019EPSS

Patchstack•added 2026/02/06 11:27 p.m.•3 views

WordPress Bold Page Builder plugin <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Bold Page Builder versions = 5.4.8...

6.4CVSS5.3AI score0.00205EPSS

Patchstack•added 2026/02/06 11:24 p.m.•4 views

WordPress Bold Builder plugin <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via btbbtabs Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Bold Page Builder versions = 5.5.1...

6.4CVSS5.3AI score0.00245EPSS

CVE•added 2026/02/06 7:24 a.m.•14 views

CVE-2026-1279

The CVE-2026-1279 entry concerns the WordPress Employee Directory plugin (versions up to and including 1.2.1). It describes Stored Cross-Site Scripting via the form_title parameter in the search_employee_directory shortcode, caused by insufficient input sanitization and output escaping. Authentic...

Cvelist•added 2026/02/06 7:24 a.m.•27 views

CVE-2026-1279 Employee Directory <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute

The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formtitle' parameter in the searchemployeedirectory shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...

EUVD•added 2026/02/06 7:24 a.m.•4 views

EUVD-2026-5610

NVD•added 2026/02/06 7:16 a.m.•6 views

CVE-2026-1808

The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplusbutton shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping. This makes it...

CVE•added 2026/02/06 6:46 a.m.•11 views

CVE-2026-1909

The WaveSurfer-WP WordPress plugin is affected by a Stored Cross-Site Scripting (XSS) flaw in all versions up to and including 2.8.3, caused by insufficient input sanitization and output escaping on the 'src' attribute of the audio shortcode. Authenticated attackers with Contributor-level access ...

Cvelist•added 2026/02/06 6:46 a.m.•25 views

CVE-2026-1909 WaveSurfer-WP <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute

The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on the 'src' attribute. This makes it possible for authenticated attackers,...

EUVD•added 2026/02/06 6:46 a.m.•4 views

EUVD-2026-5612

ATTACKERKB•added 2026/02/06 6:46 a.m.•4 views

CVE-2026-1909

ATTACKERKB•added 2026/02/06 6:46 a.m.•3 views

CVE-2026-1808

Cvelist•added 2026/02/06 6:46 a.m.•25 views

CVE-2026-1808 Orange Confort+ accessibility toolbar for WordPress <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

Vulnrichment•added 2026/02/06 6:46 a.m.•2 views

CVE-2026-1808 Orange Confort+ accessibility toolbar for WordPress <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

EUVD•added 2026/02/06 6:46 a.m.•4 views

EUVD-2026-5613

CVE•added 2026/02/06 6:46 a.m.•14 views

CVE-2026-1888

The Docus – YouTube Video Playlist plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability in all versions up to 1.0.6 due to insufficient input sanitization and output escaping on attributes of the docusplaylist shortcode. Authentication at Contributor level or higher is ...

EUVD•added 2026/02/06 6:46 a.m.•4 views

EUVD-2026-5615

The Docus – YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Cvelist•added 2026/02/06 6:46 a.m.•26 views

CVE-2026-1888 Docus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

ATTACKERKB•added 2026/02/06 6:46 a.m.•4 views

CVE-2026-1888