8957 matches found
CVE-2026-5341 NMR Strava activities <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stravanmrconnect shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-7650
The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the e2pdf-download shortcode in all versions up to, and including, 1.32.17. This is due to insufficient input sanitization and output escaping on the shortcode...
CVE-2026-7650
The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) flaw in the e2pdf-download shortcode’s id attribute. Versions up to and including 1.32.17 are vulnerable due to insufficient input sanitization and output escaping of the shortcode at...
CVE-2026-7650 E2Pdf – Export Pdf Tool for WordPress <= 1.32.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the e2pdf-download shortcode in all versions up to, and including, 1.32.17. This is due to insufficient input sanitization and output escaping on the shortcode...
PT-2026-38903
Name of the Vulnerable Software and Affected Versions: NMR Strava activities plugin for WordPress versions prior to 1.0.15. Description: Insufficient input sanitization and output escaping on user supplied attributes in the strava nmr connect shortcode allow authenticated attackers with...
CVE-2026-5505
The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's clippy shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-6672
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the...
EUVD-2026-27538
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the...
CVE-2026-6672
The CVE concerns the WordPress plugin SliceWP Affiliates (Affiliate Program Suite). A Stored Cross‑Site Scripting (Stored XSS) vulnerability exists in all versions up to 1.2.7 due to insufficient input sanitization and output escaping in the slicewp_affiliate_url shortcode attributes. Exploitatio...
PT-2026-37350
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the 'slicewp...
EUVD-2026-27241
The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...
EUVD-2026-27195
The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's clippy shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-4730
The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'chartid' shortcode attribute in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. Th...
CVE-2026-5247
The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the futureaction shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the wrapper attribute. The...
CVE-2026-5505 WP-Clippy <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's clippy shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...