Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8955 matches found

Positive Technologies
Positive Technologiesadded 2026/06/05 12:0 a.m.10 views

PT-2026-47064

Name of the Vulnerable Software and Affected Versions Alba Board versions prior to 2.1.4 Description The plugin fails to properly verify if a user is authorized to perform specific actions, leading to an authorization bypass. This allows authenticated attackers with subscriber-level access or...

4.3CVSS5.5AI score0.00248EPSS
Exploits0References11
Positive Technologies
Positive Technologiesadded 2026/06/05 12:0 a.m.12 views

PT-2026-47072

Name of the Vulnerable Software and Affected Versions Simple SEO Slideshow versions prior to 1.2.9 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping within shortcode attributes. Authenticated attackers with contributor-level access or higher...

6.4CVSS5.7AI score0.00197EPSS
Exploits0References8
Vulnrichment
Vulnrichmentadded 2026/06/02 5:28 p.m.6 views

CVE-2026-1829 Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

8.8CVSS6.1AI score0.00702EPSS
Exploits0References3
NVD
NVDadded 2026/06/02 9:16 a.m.11 views

CVE-2026-4081

The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...

6.4CVSS0.00248EPSS
Exploits0References9
NVD
NVDadded 2026/06/02 9:16 a.m.12 views

CVE-2026-8885

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS0.00187EPSS
Exploits0References3
CVE
CVEadded 2026/06/02 7:48 a.m.12 views

CVE-2026-8885

The CVE-2026-8885 entry concerns the WordPress plugin DeMomentSomTres Shortcodes (versions

6.4CVSS6AI score0.00187EPSS
Exploits0References3
CVE
CVEadded 2026/06/02 7:48 a.m.11 views

CVE-2026-4080

The CVE concerns the WordPress Easy Cart plugin (versions ≤ 1.8). The vulnerability is Stored Cross-Site Scripting via the add_to_cart shortcode attributes, due to insufficient input sanitization and output escaping in ectp_add_to_cart(). Specifically, sanitize_text_field() is applied to shortcod...

6.4CVSS6AI score0.0025EPSS
Exploits0References15
Cvelist
Cvelistadded 2026/06/02 7:48 a.m.35 views

CVE-2026-4080 Easy Cart <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

6.4CVSS0.0025EPSS
Exploits0References15
ATTACKERKB
ATTACKERKBadded 2026/06/02 7:48 a.m.6 views

CVE-2026-8885

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/06/02 7:48 a.m.8 views

CVE-2026-4080

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

6.4CVSS6AI score0.0025EPSS
Exploits0References16
EUVD
EUVDadded 2026/06/02 7:48 a.m.12 views

EUVD-2026-33893

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/06/02 7:48 a.m.8 views

CVE-2026-4080 Easy Cart <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

6.4CVSS6AI score0.0025EPSS
Exploits0References15
CVE
CVEadded 2026/06/02 7:48 a.m.13 views

CVE-2026-4081

The CVE concerns the ZeM STL plugin for WordPress, affected in all versions up to 1.0. The vulnerability is a Stored Cross-Site Scripting (XSS) via the [zemstl] shortcode caused by insufficient input sanitization and output escaping of user-supplied shortcode attributes, specifically 'url' , 'col...

6.4CVSS6AI score0.00248EPSS
Exploits0References9
Cvelist
Cvelistadded 2026/06/02 7:48 a.m.35 views

CVE-2026-4081 ZeM STL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...

6.4CVSS0.00248EPSS
Exploits0References9
ATTACKERKB
ATTACKERKBadded 2026/06/02 7:48 a.m.6 views

CVE-2026-4081

The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...

6.4CVSS6AI score0.00248EPSS
Exploits0References10
EUVD
EUVDadded 2026/06/02 7:48 a.m.9 views

EUVD-2026-33885

The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...

6.4CVSS6AI score0.00248EPSS
Exploits0References9
Vulnrichment
Vulnrichmentadded 2026/06/02 7:48 a.m.8 views

CVE-2026-4081 ZeM STL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...

6.4CVSS6AI score0.00248EPSS
Exploits0References9
Positive Technologies
Positive Technologiesadded 2026/06/02 12:0 a.m.8 views

PT-2026-45708

Name of the Vulnerable Software and Affected Versions ZeM STL plugin for WordPress versions prior to 1.1 Description Stored Cross-Site Scripting is possible via the zemstl shortcode due to insufficient input sanitization and output escaping of user-supplied attributes. Specifically, the url, colo...

6.4CVSS6AI score0.00248EPSS
Exploits0References13
Positive Technologies
Positive Technologiesadded 2026/06/02 12:0 a.m.9 views

PT-2026-45707

Name of the Vulnerable Software and Affected Versions Easy Cart versions prior to 1.9 Description The Easy Cart plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occu...

6.4CVSS5.5AI score0.0025EPSS
Exploits0References19
Positive Technologies
Positive Technologiesadded 2026/06/02 12:0 a.m.9 views

PT-2026-45710

Name of the Vulnerable Software and Affected Versions DeMomentSomTres Shortcodes versions prior to 1.1.2 Description The DeMomentSomTres Shortcodes plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the st callout function fails to properly sanitize input and...

6.4CVSS6AI score0.00187EPSS
Exploits0References8
Rows per page
Query Builder