CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2026-7662 ePaperFlip Publisher <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'publicationid' Shortcode Attribute

The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the epaperflipembed shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on the shortcode attribute whic...

CVE•added 2026/06/09 3:41 a.m.•13 views

CVE-2026-7662

CVE-2026-7662 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin ePaperFlip Publisher (versions

CVE-2026-8880 RomanCart Ecommerce <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute and other attributes of the romancartbutton shortcode in versions up to, and including, 2.0.8. This is due to insufficient input sanitization and output escaping on user supplied...

Cvelist•added 2026/06/09 3:41 a.m.•29 views

CVE-2026-8880 RomanCart Ecommerce <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00198EPSS

EUVD•added 2026/06/09 3:41 a.m.•8 views

EUVD-2026-35305

CVE•added 2026/06/09 3:41 a.m.•11 views

CVE-2026-8880

The RomanCart Ecommerce WordPress plugin (

6.4CVSS5.7AI score0.00235EPSS

CVE-2026-10024 TinyMCE shortcode Addon <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute

The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Cvelist•added 2026/06/09 3:41 a.m.•30 views

CVE-2026-10024 TinyMCE shortcode Addon <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute

6.4CVSS0.00235EPSS

CVE•added 2026/06/09 3:41 a.m.•12 views

CVE-2026-10024

CVE-2026-10024 affects the TinyMCE shortcode Addon for WordPress (versions

6.4CVSS5.7AI score0.00235EPSS

EUVD•added 2026/06/09 3:41 a.m.•6 views

EUVD-2026-35303

6.4CVSS5.7AI score0.00235EPSS

6.4CVSS5.7AI score0.00193EPSS

CVE-2026-8883 Global Body Mass Index Calculator <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes in the...

Cvelist•added 2026/06/09 3:41 a.m.•27 views

CVE-2026-8883 Global Body Mass Index Calculator <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00193EPSS

EUVD•added 2026/06/09 3:41 a.m.•7 views

EUVD-2026-35299

6.4CVSS5.7AI score0.00193EPSS

CVE•added 2026/06/09 3:41 a.m.•11 views

CVE-2026-8883

The CVE-2026-8883 entry concerns the WordPress plugin Global Body Mass Index Calculator, affected in versions up to 1.2. The vulnerability is a Stored Cross-Site Scripting issue via the gbmicalc shortcode attributes, caused by insufficient input sanitization and output escaping in GBMI_Calc_Widge...

6.4CVSS5.7AI score0.00193EPSS

Cvelist•added 2026/06/09 3:41 a.m.•29 views

CVE-2026-8841 Extra Settings for RocketChat <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping in the rxstgshortcode function, which...

6.4CVSS0.00187EPSS

6.4CVSS5.7AI score0.00187EPSS

CVE-2026-8841 Extra Settings for RocketChat <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

CVE•added 2026/06/09 3:41 a.m.•11 views

CVE-2026-8841

CVE-2026-8841 affects the WordPress plugin Extra Settings for RocketChat (versions ≤ 0.1). The vulnerability is a Stored Cross-Site Scripting via the rocketchat shortcode’s title attribute caused by insufficient input sanitization/output escaping in the rxstg_shortcode() function, which directly ...

6.4CVSS5.7AI score0.00187EPSS

CNNVD•added 2026/06/09 12:0 a.m.•6 views

WordPress plugin TinyMCE shortcode Addon 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.2AI score0.00235EPSS

Exploits0References1

Positive Technologies•added 2026/06/09 12:0 a.m.•9 views

PT-2026-47673

Name of the Vulnerable Software and Affected Versions Extra Settings for RocketChat versions prior to 0.2 Description The Extra Settings for RocketChat plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the rxstg shortcode function fails to properly sanitize...

6.4CVSS5.5AI score0.00187EPSS

Exploits0References6

Positive Technologies•added 2026/06/09 12:0 a.m.•7 views

PT-2026-47674

The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute and other attributes of the romancart button shortcode in versions up to, and including, 2.0.8. This is due to insufficient input sanitization and output escaping on user supplied...