Lucene search
K

2098 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.12 views

CVE-2026-6549

The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...

6.4CVSS5.7AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.9 views

CVE-2026-2988

The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'powerpress' and 'podcast' shortcodes in versions up to, and including, 11.15.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.9 views

CVE-2026-4078

The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the...

6.4CVSS5.5AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.10 views

CVE-2026-8701

The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the title-ticker-slide, title-ticker-fade, and title-ticker-typing shortcodes. This is due to insufficient input sanitization and output escaping on shortcode attributes notably border,...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.7 views

CVE-2026-3017

The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserialization of untrusted input in the importshortcodes function. This makes it possible for authenticate...

7.2CVSS5.9AI score0.00527EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 9:16 a.m.17 views

CVE-2026-8885

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS0.00181EPSS
Exploits0References3
CVE
CVE
added 2026/06/02 7:48 a.m.15 views

CVE-2026-8885

The CVE-2026-8885 entry concerns the WordPress plugin DeMomentSomTres Shortcodes (versions

6.4CVSS6AI score0.00181EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:48 a.m.7 views

CVE-2026-8885

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS6AI score0.00181EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 7:48 a.m.8 views

CVE-2026-8885 DeMomentSomTres Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS6AI score0.00181EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/02 7:48 a.m.37 views

CVE-2026-8885 DeMomentSomTres Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS0.00181EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/01 7:44 p.m.13 views

WordPress DeMomentSomTres Shortcodes plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin DeMomentSomTres Shortcodes versions = 1.1.1...

6.4CVSS5.8AI score0.00181EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/27 7:16 a.m.20 views

CVE-2026-8701

The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the title-ticker-slide, title-ticker-fade, and title-ticker-typing shortcodes. This is due to insufficient input sanitization and output escaping on shortcode attributes notably border,...

6.4CVSS0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.8 views

CVE-2026-8844 Responsive Check <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rspcheck' shortcode in versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping on the 'url' and 'button' shortcode attributes in the rspccheckshortcode...

6.4CVSS6AI score0.00204EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.7 views

CVE-2026-9200

The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary .php files on the...

7.5CVSS6.4AI score0.00495EPSS
Exploits0References5
NVD
NVD
added 2026/05/21 5:16 a.m.24 views

CVE-2026-1543

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS0.00337EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 4:28 a.m.50 views

CVE-2026-1543 Avada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Shortcodes

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS0.00337EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 4:28 a.m.11 views

CVE-2026-1543 Avada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Shortcodes

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS6AI score0.00337EPSS
Exploits0References3
CVE
CVE
added 2026/05/21 4:28 a.m.27 views

CVE-2026-1543

CVE-2026-1543 concerns the Avada (Fusion) Builder WordPress plugin. All versions up to and including 3.15.2 are affected by a Stored Cross-Site Scripting (XSS) flaw due to insufficient input sanitization and output escaping. The vulnerability can be exploited by an authenticated attacker with Sub...

6.4CVSS6AI score0.00337EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.15 views

PT-2026-42394

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS6AI score0.00337EPSS
Exploits0References4
NVD
NVD
added 2026/05/20 2:16 a.m.14 views

CVE-2026-6549

The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...

6.4CVSS0.00245EPSS
Exploits0References4
Rows per page
Query Builder