Lucene search
K

2100 matches found

Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.7 views

PT-2026-31072

The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'powerpress' and 'podcast' shortcodes in versions up to, and including, 11.15.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.1AI score0.00205EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.6 views

WordPress plugin WP Blockade 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.5CVSS6.1AI score0.00342EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/05 10:55 a.m.7 views

CVE-2026-0738

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sucarousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'suslidelink' attachment meta field...

6.4CVSS6.1AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/05 10:55 a.m.9 views

CVE-2026-0737

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the sulightbox shortcode. This makes it possib...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/04 9:30 a.m.5 views

EUVD-2026-18977

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sucarousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'suslidelink' attachment meta field...

6.4CVSS6.1AI score0.00346EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/04 9:30 a.m.4 views

EUVD-2026-18975

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the sulightbox shortcode. This makes it possib...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References4
NVD
NVD
added 2026/04/04 8:16 a.m.8 views

CVE-2026-0738

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sucarousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'suslidelink' attachment meta field...

6.4CVSS0.00346EPSS
Exploits0References3
NVD
NVD
added 2026/04/04 8:16 a.m.4 views

CVE-2026-0737

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the sulightbox shortcode. This makes it possib...

6.4CVSS0.0034EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/04 7:41 a.m.23 views

CVE-2026-0737 Shortcodes Ultimate <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the sulightbox shortcode. This makes it possib...

6.4CVSS0.0034EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/04 7:41 a.m.2 views

CVE-2026-0737 Shortcodes Ultimate <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the sulightbox shortcode. This makes it possib...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/04 7:41 a.m.1 views

CVE-2026-0737

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the sulightbox shortcode. This makes it possib...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/04 7:41 a.m.3 views

CVE-2026-0738

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sucarousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'suslidelink' attachment meta field...

6.4CVSS6.1AI score0.00346EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/04 7:41 a.m.2 views

CVE-2026-0738 Shortcodes Ultimate <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sucarousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'suslidelink' attachment meta field...

6.4CVSS6.1AI score0.00346EPSS
Exploits0References3
CVE
CVE
added 2026/04/04 7:41 a.m.17 views

CVE-2026-0737

CVE-2026-0737 affects the WP Shortcodes Plugin - Shortcodes Ultimate for WordPress. All versions up to and including 7.4.7 are vulnerable to Stored Cross-Site Scripting via the su_lightbox shortcode, caused by insufficient input sanitization and output escaping in the src attribute. Authenticated...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/04 7:41 a.m.23 views

CVE-2026-0738 Shortcodes Ultimate <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sucarousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'suslidelink' attachment meta field...

6.4CVSS0.00346EPSS
Exploits0References3
CVE
CVE
added 2026/04/04 7:41 a.m.17 views

CVE-2026-0738

CVE-2026-0738 affects the WordPress plugin Shortcodes Ultimate (WP Shortcodes Plugin). The vulnerability is a Stored Cross-Site Scripting (XSS) via the su_carousel shortcode, up to version 7.4.8 inclusive. Root cause: insufficient input sanitization and output escaping in the su_slide_link attach...

6.4CVSS6.1AI score0.00346EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.5 views

PT-2026-30310

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the su lightbox shortcode. This makes it...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.5 views

PT-2026-30311

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the su carousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'su slide link' attachment meta...

6.4CVSS6.1AI score0.00346EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.9 views

WordPress plugin Shortcodes Ultimate 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.0034EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.7 views

WordPress plugin Shortcodes Ultimate 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00346EPSS
Exploits0References3
Rows per page
Query Builder