CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/22 9:27 a.m.•2 views

CVE-2026-1913 Gallagher Website Design <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'prefix' Shortcode Attribute

6.4CVSS5.9AI score0.00254EPSS

NVD•added 2026/04/22 9:16 a.m.•8 views

CVE-2026-6246

The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'containerrightwidth' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00232EPSS

NVD•added 2026/04/22 9:16 a.m.•6 views

CVE-2026-5748

The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ts shortcode in all versions up to, and including, 0.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS0.00227EPSS

NVD•added 2026/04/22 9:16 a.m.•1 views

CVE-2026-5767

The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slideShowProSC shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00227EPSS

NVD•added 2026/04/22 9:16 a.m.•2 views

CVE-2026-4125

The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, in the...

NVD•added 2026/04/22 9:16 a.m.•1 views

CVE-2026-4126

The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'tablemanager' shortcode. The shortcode handler tablemanagerrendertableshortcode takes a user-controlled table attribute, applies only sanitizekey for...

4.3CVSS0.00312EPSS

Exploits0References7

NVD•added 2026/04/22 9:16 a.m.•2 views

CVE-2026-4085

The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapperclass' shortcode attribute of the 'my-instagram-feed' shortcode in all versions up to, and including, 3.1.2. This is due to insufficient input sanitization and output escaping on user...

NVD•added 2026/04/22 9:16 a.m.•1 views

CVE-2026-4082

NVD•added 2026/04/22 9:16 a.m.•3 views

CVE-2026-4089

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...

NVD•added 2026/04/22 9:16 a.m.•2 views

CVE-2026-4076

The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to and including 1.0.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attribute...

6.4CVSS0.00378EPSS

Exploits0References13

NVD•added 2026/04/22 9:16 a.m.•0 views

CVE-2026-4088

6.4CVSS0.00354EPSS

Exploits0References9

NVD•added 2026/04/22 9:16 a.m.•3 views

CVE-2026-4074

The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Th...

6.4CVSS0.00378EPSS

Exploits0References13

Cvelist•added 2026/04/22 7:45 a.m.•28 views

CVE-2026-4353 CI HUB Connector <= 1.2.106 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the cihubmetadata shortcode in all versions up to, and including, 1.2.106 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

6.4CVSS0.00245EPSS

Vulnrichment•added 2026/04/22 7:45 a.m.•2 views

CVE-2026-4353 CI HUB Connector <= 1.2.106 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

6.4CVSS5.9AI score0.00245EPSS

CVE•added 2026/04/22 7:45 a.m.•4 views

CVE-2026-4353

CVE-2026-4353 impacts the CI HUB Connector plugin for WordPress (versions

6.4CVSS5.9AI score0.00245EPSS

Vulnrichment•added 2026/04/22 7:45 a.m.•0 views

CVE-2026-6236 Posts map <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute

The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

6.4CVSS5.9AI score0.00235EPSS

CVE•added 2026/04/22 7:45 a.m.•6 views

CVE-2026-6236

CVE-2026-6236 affects the WordPress plugin Posts map (versions up to and including 0.1.3). The root cause is insufficient input sanitization and output escaping for the 'name' shortcode attribute , leading to Stored Cross-Site Scripting. The vulnerability requires authenticated access at contribu...

6.4CVSS5.9AI score0.00235EPSS