
8962 matches found

Vulnrichment
added 2026/02/06 6:46 a.m. | 2 views

CVE-2026-1888 Docus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Docus – YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5.6 | EPSS 0.00235
Exploits: 0 | References: 4

NVD
added 2026/02/06 3:15 a.m. | 5 views

CVE-2026-1228

The Timeline Block – Beautiful Timeline Builder for WordPress Vertical & Horizontal Timelines plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgb_shortcode function due to missing validation on a user controlled key. This...

CVSS 4.3 | EPSS 0.00178
Exploits: 0 | References: 2

CVE
added 2026/02/06 2:23 a.m. | 12 views

CVE-2026-1228

The CVE-2026-1228 entry concerns the Timeline Block – Beautiful Timeline Builder for WordPress plugin for WordPress, affected up to version 1.3.3. The vulnerability is an Insecure Direct Object Reference in the tlgb_shortcode() function caused by missing validation of a user-controlled key, allow...

CVSS 4.3 | AI score 5.4 | EPSS 0.00178
Exploits: 0 | References: 2

Cvelist
added 2026/02/06 2:23 a.m. | 31 views

CVE-2026-1228 Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute

The Timeline Block – Beautiful Timeline Builder for WordPress Vertical & Horizontal Timelines plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgb_shortcode function due to missing validation on a user controlled key. This...

CVSS 4.3 | EPSS 0.00178
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/06 2:23 a.m. | 5 views

CVE-2026-1228 Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute

The Timeline Block – Beautiful Timeline Builder for WordPress Vertical & Horizontal Timelines plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgb_shortcode function due to missing validation on a user controlled key. This...

CVSS 4.3 | AI score 5.4 | EPSS 0.00178
Exploits: 0 | References: 2

EUVD
added 2026/02/06 2:23 a.m. | 4 views

EUVD-2026-5609

The Timeline Block – Beautiful Timeline Builder for WordPress Vertical & Horizontal Timelines plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgb_shortcode function due to missing validation on a user controlled key. This...

CVSS 4.3 | AI score 5.4 | EPSS 0.00178
Exploits: 0 | References: 2

Patchstack
added 2026/02/06 12:38 a.m. | 5 views

WordPress Docus plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Docus versions <= 1.0.6...

CVSS 6.4 | AI score 5.3 | EPSS 0.00235
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/02/06 12:37 a.m. | 6 views

WordPress WaveSurfer-WP plugin <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability discovered by Ivan Cese in WordPress Plugin WaveSurfer-WP versions <= 2.8.3...

CVSS 6.4 | AI score 5.3 | EPSS 0.00235
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/02/06 12:35 a.m. | 9 views

WordPress Orange Confort+ accessibility toolbar for WordPress plugin <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Orange Confort+ accessibility toolbar for WordPress versions <= 0.7...

CVSS 6.4 | AI score 5.3 | EPSS 0.00235
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/02/06 12:23 a.m. | 3 views

WordPress Timeline Block plugin <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute vulnerability

Insecure Direct Object Reference to Authenticated Author+ Private Timeline Exposure via Shortcode Attribute vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Timeline Block versions <= 1.3.3...

CVSS 4.3 | AI score 5.4 | EPSS 0.00178
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/02/06 12:00 a.m. | 4 views

WordPress plugin Tune Library cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.4 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 5

CNNVD
added 2026/02/06 12:00 a.m. | 4 views

WordPress plugin Employee Directory cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.4 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 5

Positive Technologies
added 2026/02/06 12:00 a.m. | 6 views

PT-2026-6680

Name of the Vulnerable Software and Affected Versions: Orange Confort+ accessibility toolbar for WordPress plugin versions prior to 0.7. Description: The Orange Confort+ accessibility toolbar for WordPress plugin is susceptible to Stored Cross-Site Scripting. This is due to insufficient input...

CVSS 6.4 | AI score 5.7 | EPSS 0.00235
Exploits: 0 | References: 8

Positive Technologies
added 2026/02/06 12:00 a.m. | 4 views

PT-2026-6682

Name of the Vulnerable Software and Affected Versions: WaveSurfer-WP plugin for WordPress versions up to and including 2.8.3. Description: The WaveSurfer-WP plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s audio shortcode. This is due to inadequate input...

CVSS 6.4 | AI score 5.7 | EPSS 0.00235
Exploits: 0 | References: 8

Positive Technologies
added 2026/02/06 12:00 a.m. | 6 views

PT-2026-6686

Name of the Vulnerable Software and Affected Versions: Employee Directory plugin for WordPress versions up to and including 1.2.1. Description: The Employee Directory plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escapin...

CVSS 6.4 | AI score 5.7 | EPSS 0.00235
Exploits: 0 | References: 10

Patchstack
added 2026/02/05 9:20 p.m. | 6 views

WordPress JSM file_get_contents() Shortcode plugin < 2.7.1 - Contributor+ SSRF vulnerability

Contributor+ SSRF vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin JSM file_get_contents() Shortcode versions < 2.7.1...

CVSS 8.8 | AI score 5.3 | EPSS 0.00694
Exploits: 2 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/02/05 6:47 a.m. | 3 views

CVE-2026-0867 Essential Widgets <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes

The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | AI score 5.6 | EPSS 0.00279
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/05 12:00 a.m. | 6 views

PT-2026-6024

Name of the Vulnerable Software and Affected Versions: Essential Widgets plugin for WordPress versions up to and including 3.0. Description: The Essential Widgets plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...

CVSS 6.4 | AI score 5.7 | EPSS 0.00279
Exploits: 0 | References: 7

RedhatCVE
added 2026/02/04 7:28 p.m. | 2 views

CVE-2026-24995

Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Latest Post Shortcode: from n/a through <= 14.2.0...

CVSS 4.3 | AI score 5.3 | EPSS 0.00195
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/04 7:28 p.m. | 3 views

CVE-2026-24988

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS. This issue affects The Events Calendar Shortcode & Block: from n/a through <= 3.1.1...

CVSS 6.5 | AI score 5.3 | EPSS 0.00127
Exploits: 0 | References: 1