Lucene search
+L

367 matches found

CVE
CVE
added 2026/04/04 7:41 a.m.20 views

CVE-2026-0738

CVE-2026-0738 affects the WordPress plugin Shortcodes Ultimate (WP Shortcodes Plugin). The vulnerability is a Stored Cross-Site Scripting (XSS) via the su_carousel shortcode, up to version 7.4.8 inclusive. Root cause: insufficient input sanitization and output escaping in the su_slide_link attach...

6.4CVSS6.1AI score0.00346EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.13 views

WordPress plugin Shortcodes Ultimate 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00346EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2026/03/24 12:0 a.m.31 views

This Week in Spring - March 24th, 2026

Hi, Spring fans! Welcome to yet another rip-roarin' installment of This Week in Spring. As usual, we've got a ton to look into, so let's dive right in! Happy 22nd birthday to Spring Framework, released this day 22 years ago! and of course, next week, 1 April 2026, marks 12 years since Spring Boot...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/02/11 8:26 a.m.26 views

CVE-2026-1885 Slideshow Wp <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute

The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.0024EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 8:26 a.m.3 views

CVE-2026-1885

The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.0024EPSS
Exploits0References4
CVE
CVE
added 2026/02/11 8:26 a.m.15 views

CVE-2026-1885

The CVE-2026-1885 issue affects the WordPress Slideshow Wp plugin (versions up to 1.1). It is a Stored Cross-Site Scripting (XSS) vulnerability via the sswpid attribute of the sswp-slide shortcode, caused by insufficient input sanitization/output escaping. Exploitation requires authenticated acce...

6.4CVSS5.8AI score0.0024EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/11 8:26 a.m.2 views

CVE-2026-1885 Slideshow Wp <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute

The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.0024EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.11 views

WordPress plugin Slideshow Wp 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.7AI score0.0024EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/08 1:3 p.m.8 views

CVE-2026-1613

The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's listclass shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.6AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2026/02/07 9:16 a.m.8 views

CVE-2026-1613

The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's listclass shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.0019EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/07 8:26 a.m.7 views

CVE-2026-1613

The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's listclass shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.6AI score0.0019EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/07 8:26 a.m.28 views

CVE-2026-1613 Wonka Slide <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's listclass shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.0019EPSS
Exploits0References2
CVE
CVE
added 2026/02/07 8:26 a.m.21 views

CVE-2026-1613

The Wonka Slide plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability via the plugin's list_class shortcode, impacting versions up to and including 1.3.3. The issue stems from insufficient input sanitization and output escaping on user-supplied attributes, allowing authe...

6.4CVSS5.6AI score0.0019EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/07 8:26 a.m.3 views

CVE-2026-1613 Wonka Slide <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's listclass shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.0019EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.8 views

WordPress plugin Wonka Slide 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.8AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.13 views

PT-2026-6893

Name of the Vulnerable Software and Affected Versions Wonka Slide versions up to and including 1.3.3 Description The Wonka Slide plugin for WordPress is susceptible to Stored Cross-Site Scripting through the list class shortcode. Insufficient input sanitization and output escaping on user-supplie...

6.4CVSS5.7AI score0.0019EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/06 11:29 p.m.8 views

WordPress Wonka Slide plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Wonka Slide versions = 1.3.3...

6.4CVSS5.3AI score0.0019EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:36 p.m.6 views

CVE-2023-49373

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF via /admin/slide/delete...

8.8CVSS7.3AI score0.00391EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/08 3:14 a.m.6 views

CVE-2025-30996

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.Thi...

9.9CVSS8.4AI score0.00437EPSS
Exploits0References1
NVD
NVD
added 2026/01/06 9:15 p.m.10 views

CVE-2025-30996

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.Thi...

9.9CVSS0.00437EPSS
Exploits0References9
Rows per page
Query Builder