CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8961 matches found

EUVD•added 2026/04/16 3:31 a.m.•1 views

EUVD-2026-23159

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subox' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.0026EPSS

Exploits0References3

Patchstack•added 2026/04/16 3:21 a.m.•5 views

WordPress BetterDocs plugin <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BetterDocs versions = 4.3.8...

6.4CVSS5.8AI score0.00218EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/04/16 3:20 a.m.•2 views

WordPress Email Encoder - Protect Email Addresses and Phone Numbers plugin <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode vulnerability

WordPress Email Encoder - Protect Email Addresses and Phone Numbers plugin = 2.4.4 - Authenticated Contributor+ Stored Cross-Site Scripting via eebmailto Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Email Encoder Bundle versions = 2.4.4...

6.4CVSS5.8AI score0.00257EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/04/16 2:25 a.m.•32 views

CVE-2026-3885 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode

6.4CVSS0.0026EPSS

Exploits0References2

ATTACKERKB•added 2026/04/16 2:25 a.m.•2 views

CVE-2026-3885

6.4CVSS5.9AI score0.0026EPSS

Exploits0References3

Vulnrichment•added 2026/04/16 2:25 a.m.•0 views

CVE-2026-3885 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode

6.4CVSS5.9AI score0.0026EPSS

Exploits0References2

CVE•added 2026/04/16 2:25 a.m.•7 views

CVE-2026-3885

The CVE concerns the WordPress plugin WP Shortcodes Plugin – Shortcodes Ultimate . It reports a Stored Cross-Site Scripting (XSS) flaw via the 'su_box' shortcode in all versions up to and including 7.4.9 , caused by insufficient input sanitization and output escaping of user-supplied attributes. ...

6.4CVSS5.9AI score0.0026EPSS

Exploits0References2

NVD•added 2026/04/16 2:16 a.m.•3 views

CVE-2026-3299

The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lyte' shortcode in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00214EPSS

Exploits0References2

Cvelist•added 2026/04/16 1:24 a.m.•23 views

CVE-2026-3299 WP YouTube Lyte <= 1.7.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via lyte Shortcode

6.4CVSS0.00214EPSS

Exploits0References2

EUVD•added 2026/04/16 1:24 a.m.•2 views

EUVD-2026-23139

6.4CVSS5.9AI score0.00214EPSS

Exploits0References2

ATTACKERKB•added 2026/04/16 1:24 a.m.•2 views

CVE-2026-3299

6.4CVSS5.9AI score0.00214EPSS

Exploits0References3

CVE•added 2026/04/16 1:24 a.m.•9 views

CVE-2026-3299

The WP YouTube Lyte WordPress plugin (versions

6.4CVSS5.9AI score0.00214EPSS

Exploits0References2

Patchstack•added 2026/04/16 12:47 a.m.•3 views

WordPress WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin <= 4.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'put_wpgm' Shortcode vulnerability

WordPress WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin = 4.8.7 - Authenticated Contributor+ Stored Cross-Site Scripting via 'putwpgm' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Maps versions = 4.8.7...

6.4CVSS5.8AI score0.00267EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/04/16 12:0 a.m.•0 views

PT-2026-33246

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su box' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.0026EPSS

Exploits0References2

Positive Technologies•added 2026/04/16 12:0 a.m.•0 views

PT-2026-33253

The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.9AI score0.00232EPSS

Exploits0References3

Positive Technologies•added 2026/04/16 12:0 a.m.•7 views

PT-2026-33278

Name of the Vulnerable Software and Affected Versions Prismatic versions prior to 3.7.4 Description The Prismatic plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user-supplied attributes within the...

7.2CVSS5.3AI score0.00274EPSS

Exploits0References6

Positive Technologies•added 2026/04/16 12:0 a.m.•4 views

PT-2026-33277

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs feedback form' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possib...

6.4CVSS5.9AI score0.00218EPSS

Exploits0References3

Positive Technologies•added 2026/04/16 12:0 a.m.•2 views

PT-2026-33199

Name of the Vulnerable Software and Affected Versions WP YouTube Lyte versions prior to 1.7.30 Description The WP YouTube Lyte plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user supplied attributes with...

6.4CVSS6AI score0.00214EPSS

Exploits0References6

Positive Technologies•added 2026/04/16 12:0 a.m.•2 views

PT-2026-33322

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb mailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00257EPSS

Exploits0References6

Patchstack•added 2026/04/15 11:8 p.m.•2 views

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode vulnerability

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin = 7.4.9 - Authenticated Contributor+ Stored Cross-Site Scripting via subox Shortcode vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shortcodes Ultimate versions = 7.4.9...

6.4CVSS5.8AI score0.0026EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by