CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

8961 matches found

EUVD•added 2026/04/16 9:31 a.m.•2 views

EUVD-2026-23209

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS5.9AI score0.00218EPSS

Exploits0References3

EUVD•added 2026/04/16 9:31 a.m.•3 views

EUVD-2025-209491

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'putwpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and output escaping on...

6.4CVSS5.9AI score0.00267EPSS

Exploits0References3

NVD•added 2026/04/16 7:16 a.m.•2 views

CVE-2026-3876

The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismaticencoded' pseudo-shortcode in all versions up to, and including, 3.7.3. This is due to insufficient input sanitization and output escaping on user-supplied attributes within the 'prismaticdecode'...

7.2CVSS0.00274EPSS

Exploits0References2

NVD•added 2026/04/16 7:16 a.m.•2 views

CVE-2025-13364

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'putwpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and output escaping on...

6.4CVSS0.00267EPSS

Exploits0References2

Cvelist•added 2026/04/16 6:44 a.m.•25 views

CVE-2026-3876 Prismatic <= 3.7.3 - Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode

The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismaticencoded' pseudo-shortcode in all versions up to, and including, 3.7.3. This is due to insufficient input sanitization and output escaping on user-supplied attributes within the 'prismaticdecode'...

7.2CVSS0.00274EPSS

Exploits0References2

CVE•added 2026/04/16 6:44 a.m.•8 views

CVE-2026-3876

The CVE-2026-3876 entry describes a Stored XSS in the Prismatic plugin for WordPress, affecting all versions up to 3.7.3. Root cause: insufficient input sanitization and output escaping in the prismatic_decode function for the prismatic_encoded pseudo-shortcode, enabling unauthenticated attackers...

7.2CVSS5.9AI score0.00274EPSS

Exploits0References2

Vulnrichment•added 2026/04/16 6:44 a.m.•1 views

CVE-2026-3876 Prismatic <= 3.7.3 - Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode

The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismaticencoded' pseudo-shortcode in all versions up to, and including, 3.7.3. This is due to insufficient input sanitization and output escaping on user-supplied attributes within the 'prismaticdecode'...

7.2CVSS5.9AI score0.00274EPSS

Exploits0References2

ATTACKERKB•added 2026/04/16 6:44 a.m.•2 views

CVE-2025-13364

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'putwpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and output escaping on...

6.4CVSS5.9AI score0.00267EPSS

Exploits0References3

CVE•added 2026/04/16 6:44 a.m.•13 views

CVE-2025-13364

CVE-2025-13364 affects the WordPress plugin “WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters” up to version 4.8.7. The issue is a Stored Cross-Site Scripting (stored‑XSS) flaw caused by insufficient input sanitization and output escaping on user‑supplied ...

6.4CVSS5.9AI score0.00267EPSS

Exploits0References2

Vulnrichment•added 2026/04/16 6:44 a.m.•3 views

CVE-2025-13364 WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'put_wpgm' Shortcode

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'putwpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and output escaping on...

6.4CVSS5.9AI score0.00267EPSS

Exploits0References2

Cvelist•added 2026/04/16 6:44 a.m.•33 views

CVE-2025-13364 WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'put_wpgm' Shortcode

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'putwpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and output escaping on...

6.4CVSS0.00267EPSS

Exploits0References2

Cvelist•added 2026/04/16 6:44 a.m.•31 views

CVE-2026-3875 BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS0.00218EPSS

Exploits0References2

ATTACKERKB•added 2026/04/16 6:44 a.m.•4 views

CVE-2026-3875

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS5.9AI score0.00218EPSS

Exploits0References3

CVE•added 2026/04/16 6:44 a.m.•8 views

CVE-2026-3875

The BetterDocs WordPress plugin is vulnerable to Stored Cross-Site Scripting via the betterdocs_feedback_form shortcode attributes in all versions up to 4.3.8. The root cause is insufficient input sanitization and output escaping on user-supplied shortcode attributes, allowing authenticated attac...

6.4CVSS5.9AI score0.00218EPSS

Exploits0References2

Vulnrichment•added 2026/04/16 6:44 a.m.•1 views

CVE-2026-3875 BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS5.9AI score0.00218EPSS

Exploits0References2

NVD•added 2026/04/16 4:17 a.m.•0 views

CVE-2026-4032

The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00232EPSS

Exploits0References2

Cvelist•added 2026/04/16 3:36 a.m.•27 views

CVE-2026-4032 CodeColorer <= 0.10.1 - Unauthenticated Stored Cross-Site Scripting via 'class' attribute in 'cc' Comment Shortcode

The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00232EPSS

Exploits0References2

ATTACKERKB•added 2026/04/16 3:36 a.m.•3 views

CVE-2026-4032

The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.9AI score0.00232EPSS

Exploits0References3

CVE•added 2026/04/16 3:36 a.m.•7 views

CVE-2026-4032

CodeColorer for WordPress is affected by a stored cross-site scripting vulnerability in the cc shortcode’s class attribute, affecting versions up to and including 0.10.1 due to insufficient input sanitization and output escaping. Exploitation requires comments to be enabled on the target post and...

6.1CVSS5.9AI score0.00232EPSS

Exploits0References2

Vulnrichment•added 2026/04/16 3:36 a.m.•1 views

CVE-2026-4032 CodeColorer <= 0.10.1 - Unauthenticated Stored Cross-Site Scripting via 'class' attribute in 'cc' Comment Shortcode

The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.9AI score0.00232EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by