CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

57 matches found

RedhatCVE•added 2026/03/26 3:8 p.m.•2 views

CVE-2026-2121

The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addclass' parameter in all versions up to, and including, 1.8.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

4.4CVSS6AI score0.0005EPSS

Exploits0References1

Patchstack•added 2026/03/23 7:11 p.m.•3 views

WordPress Weaver Show Posts plugin <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability discovered by Muqsith Barru - TCC in WordPress Plugin Weaver Show Posts versions = 1.8.1...

4.4CVSS5.8AI score0.0005EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/03/23 4:31 p.m.•5 views

WordPress Show Posts list plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Show Posts list versions = 1.1.0...

6.4CVSS5.8AI score0.00105EPSS

Exploits0References1Affected Software1

EUVD•added 2026/03/21 6:30 a.m.•0 views

EUVD-2026-14146

The Show Posts list – Easy designs, filters and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'posttype' shortcode attribute in the 'swiftpost-list' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on...

6.4CVSS6AI score0.00105EPSS

Exploits0References10

EUVD•added 2026/03/21 6:30 a.m.•0 views

EUVD-2026-14151

4.4CVSS6AI score0.0005EPSS

Exploits0References7

NVD•added 2026/03/21 4:17 a.m.•2 views

CVE-2026-4022

6.4CVSS0.00105EPSS

Exploits0References9

NVD•added 2026/03/21 4:16 a.m.•0 views

CVE-2026-2121

4.4CVSS0.0005EPSS

Exploits0References6

CVE•added 2026/03/21 3:27 a.m.•8 views

CVE-2026-4022

The CVE-2026-4022 entry concerns the WordPress plugin Show Posts list – Easy designs, filters and more. It is vulnerable to Stored Cross-Site Scripting via the post_type attribute in the swiftpost-list shortcode in all versions up to and including 1.1.0, caused by insufficient input sanitization ...

6.4CVSS6AI score0.00105EPSS

Exploits0References9

ATTACKERKB•added 2026/03/21 3:27 a.m.•3 views

CVE-2026-4022

6.4CVSS6AI score0.00105EPSS

Exploits0References10

Cvelist•added 2026/03/21 3:27 a.m.•22 views

CVE-2026-4022 Show Posts list <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.00105EPSS

Exploits0References9

CVE•added 2026/03/21 3:27 a.m.•4 views

CVE-2026-2121

The CVE-2026-2121 issue affects the Weaver Show Posts WordPress plugin (all versions up to 1.8.1). It permits Stored Cross-Site Scripting via the add_class parameter due to insufficient input sanitization and output escaping of user attributes. Authenticated attackers with Administrator-level acc...

4.4CVSS6AI score0.0005EPSS

Exploits0References6

Vulnrichment•added 2026/03/21 3:27 a.m.•1 views

CVE-2026-2121 Weaver Show Posts <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting

4.4CVSS6AI score0.0005EPSS

Exploits0References6

ATTACKERKB•added 2026/03/21 3:27 a.m.•0 views

CVE-2026-2121

4.4CVSS6AI score0.0005EPSS

Exploits0References7

Cvelist•added 2026/03/21 3:27 a.m.•27 views

CVE-2026-2121 Weaver Show Posts <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting

4.4CVSS0.0005EPSS

Exploits0References6

CNNVD•added 2026/03/21 12:0 a.m.•3 views

WordPress plugin Show Posts list 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00105EPSS

Exploits0References9

CNNVD•added 2026/03/21 12:0 a.m.•3 views

WordPress plugin Weaver Show Posts 跨站脚本漏洞

4.4CVSS5.7AI score0.0005EPSS

Exploits0References6

Positive Technologies•added 2026/03/21 12:0 a.m.•2 views

PT-2026-26869

The Show Posts list – Easy designs, filters and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'post type' shortcode attribute in the 'swiftpost-list' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping o...

6.4CVSS6AI score0.00105EPSS

Exploits0References10

Positive Technologies•added 2026/03/21 12:0 a.m.•2 views

PT-2026-26828

The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add class' parameter in all versions up to, and including, 1.8.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

4.4CVSS6AI score0.0005EPSS

Exploits0References7

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2023-23659

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00121EPSS

Exploits2References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-17229

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00302EPSS

Exploits0References4