Lucene search
K

1118322 matches found

CVE
CVE
added 5 hours ago4 views

CVE-2026-57379

The CVE-2026-57379 entry is for the WordPress FormyChat plugin (WPPOOL FormyChat social-contact-form) with a stored XSS in versions up to 2.15.3 due to improper input neutralization during web page generation. Affected product: FormyChat plugin (

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 5 hours ago3 views

CVE-2026-57368

CVE-2026-57368 concerns the NooTheme Jobmonster WordPress theme (noo-jobmonster) with a reflected Cross-Site Scripting (XSS) vulnerability described as caused by improper neutralization of input during web page generation. Affected version range is Jobmonster up to and including 4.8.5. The vulner...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 5 hours ago2 views

CVE-2026-57383

CVE-2026-57383 affects the WordPress plugin JobSearch (wp-jobsearch) up to version 3.2.9 . The vulnerability is a Stored XSS due to improper neutralization of input during web page generation . Impact details are limited to the XSS outcome stated; the connected documents do not provide exploitati...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 5 hours ago5 views

CVE-2026-57365

The CVE-2026-57365 entry concerns the WordPress plugin “reCAPTCHA (v2 & v3) for Asgaros Forum” (versions ≤ 1.1.0). According to the provided documents, the vulnerability is a DOM-based Cross-Site Scripting (XSS) issue caused by improper neutralization of input during web page generation. The affe...

6.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added 5 hours ago8 views

CVE-2026-57363

The CVE-2026-57363 entry documents a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress ChatBot plugin, affecting versions up to 8.3.7. The issue arises from improper neutralization of input during web page generation, enabling XSS when data is rendered. Affected component: the Chat...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 5 hours ago2 views

CVE-2026-57381

The CVE describes a Reflected Cross-Site Scripting vulnerability in the WordPress PropertyHive plugin (PropertyHive) for versions

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 5 hours ago3 views

CVE-2026-57369

CVE-2026-57369 is a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Themify Builder (versions up to and including 7.7.4). The issue arises from improper neutralization of user input during web page generation, enabling an attacker to inject script via crafted input that...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 5 hours ago2 views

CVE-2026-57380

The CVE-2026-57380 entry concerns WordPress Extensions for Leaflet Map (extensions-leaflet-map) with versions up to and including 5.1. It describes an improper neutralization of user input during web page generation, enabling DOM-based cross-site scripting (XSS). Affected component: the Extension...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 5 hours ago4 views

CVE-2026-57388

CVE-2026-57388 describes a Stored XSS vulnerability in Themefic Hydra Booking (WordPress Hydra Booking plugin, hydra-booking) affecting versions up to and including 1.1.44. The root cause is improper neutralization of input during web page generation. Impact is cross-site scripting with low to mo...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 5 hours ago5 views

CVE-2026-57387

CVE-2026-57387 is a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin picu (versions up to and including 3.5.1). The issue arises from improper neutralization of input during web page generation, enabling an attacker to inject malicious scripts that are stored and later rend...

7.1CVSS6.1AI score
Exploits0References1
NCSC
NCSC
added 6 hours ago4 views

Vulnerabilities are being addressed in the Progress MOVEit Transfer process.

Progress has addressed vulnerabilities in MOVEit Transfer, specifically in the Custom Reports module and the Ad Hoc module. These vulnerabilities affect multiple versions of MOVEit Transfer, including 25.0.0 to 25.0.7, 25.1.0 to 25.1.3, and 26.0.0 just before 26.0.1. One vulnerability in the Cust...

8CVSS6AI score0.00442EPSS
Exploits0References1
CVE
CVE
added 6 hours ago6 views

CVE-2026-57829

The CVE concerns the Joomla extension Helix Ultimate (vulnerable component: the Helix Ultimate plugin) with an unauthenticated stored XSS in versions prior to 2.2.7. According to the shared metrics, the vulnerability has a CVSS 4.0 base score of 8.7 (HIGH) with network access, low attack complexi...

8.7CVSS6.1AI score
Exploits1References1
Nuclei
Nuclei
added 9 hours ago47 views

Popup by Supsystic <1.10.5 - Cross-Site scripting

WordPress Popup by Supsystic before 1.10.5 did not sanitize the tab parameter of its options page before outputting it in an attribute, leading to a reflected cross-site scripting issue. id: CVE-2021-24275 info: name: Popup by Supsystic 1.10.5 - Cross-Site scripting author: dhiyaneshDK severity:...

6.1CVSS6.3AI score0.18165EPSS
Exploits5References5
Nuclei
Nuclei
added 9 hours ago71 views

Adobe Coldfusion <=8.0.1 - Cross-Site Scripting

Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via 1 the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to 2 wizards/common/logintowizard.cfm, 3...

4.3CVSS6.2AI score0.1614EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago68 views

Devalcms 1.4a - Cross-Site Scripting

Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file. id: CVE-2008-6982 info: name: Devalcms 1.4a - Cross-Site Scripting author: arafatansari severity: medium description: | Devalcms 1.4a contains a cross-site scripting vulnerability in th...

4.3CVSS6AI score0.05735EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago24 views

WP Planet <= 0.1 - Cross-Site Scripting

A cross-site scripting vulnerability in rss.class/scripts/magpiedebug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. id: CVE-2014-4592 info: name: WP Planet = 0.1 - Cross-Site Scripting author:...

6.1CVSS6.5AI score0.03884EPSS
Exploits2References4
Nuclei
Nuclei
added 9 hours ago83 views

WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting

A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. id: CVE-2012-4242 info: name: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting author:...

4.3CVSS6.2AI score0.08857EPSS
Exploits3References4
Nuclei
Nuclei
added 9 hours ago45 views

2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting

A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. id: CVE-2012-4273 info: name: 2 Click Socialmedia Buttons 0.34 - Cross-Site Scripti...

4.3CVSS6.2AI score0.0578EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago28 views

WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting

A cross-site scripting vulnerability in js/taloaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter." id: CVE-2013-3526 info: name: WordPress Plugin Traffic Analyzer - 'aoid'...

4.3CVSS6.2AI score0.13939EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago62 views

WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 title parameter to app/view/agenda-widget-form.php; 2 args, 3 title, 4 beforetitle, or 5 aftertitle parameter to...

4.3CVSS6.2AI score0.08946EPSS
Exploits2References3
Rows per page
Query Builder