CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

918 matches found

CP Image Store with Slideshow <= 1.0.67 - SQL Injection

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack. id: CVE-2022-1692...

9.8CVSS7.3AI score0.1036EPSS

Exploits2References3

Nuclei•added yesterday•9 views

Skitter Slideshow <= 2.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Skitter Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. id: CVE-2025-28906 info: name: Skitter Slideshow = 2.5.2 - Authenticated Administrator+ Stored Cross-Site...

5.9CVSS7.2AI score0.00496EPSS

Exploits0References3

NVD•added last week•10 views

CVE-2026-2021

The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...

6.4CVSS0.00205EPSS

Exploits0References6

EUVD•added last week•11 views

EUVD-2026-37868

6.4CVSS5.6AI score0.00205EPSS

Exploits0References6

Cvelist•added last week•21 views

CVE-2026-2021 Slideshow Gallery LITE <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alwaysauto' Shortcode Attribute

6.4CVSS0.00205EPSS

Exploits0References6

ATTACKERKB•added last week•6 views

CVE-2026-2021

6.4CVSS5.5AI score0.00205EPSS

Exploits0References7

CVE•added last week•16 views

CVE-2026-2021

The CVE concerns the WordPress Slideshow Gallery LITE plugin (versions

6.4CVSS5.5AI score0.00205EPSS

Exploits0References6

Patchstack•added 2026/06/17 8:0 p.m.•7 views

WordPress Slideshow Gallery LITE plugin <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Slideshow Gallery versions = 1.8.5...

6.4CVSS5.2AI score0.00205EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/06/07 12:43 a.m.•10 views

CVE-2026-8900

The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS5.7AI score0.00192EPSS

Exploits0References1

CNNVD•added 2026/06/06 12:0 a.m.•7 views

WordPress plugin Simple SEO Slideshow 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.2AI score0.00192EPSS

Exploits0References6

Vulnrichment•added 2026/06/05 11:28 p.m.•10 views

CVE-2026-8900 Simple SEO Slideshow <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS5.7AI score0.00192EPSS

Exploits0References5

CVE•added 2026/06/05 11:28 p.m.•21 views

CVE-2026-8900

The CVE-2026-8900 entry concerns the WordPress plugin Simple SEO Slideshow (versions up to and including 1.2.8). The vulnerability is a Stored Cross-Site Scripting (XSS) via shortcode attributes , caused by insufficient input sanitization and output escaping. An authenticated attacker with contri...

6.4CVSS5.7AI score0.00192EPSS

Exploits0References5

RedhatCVE•added 2026/06/05 7:24 p.m.•8 views

CVE-2026-8873

The Content Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...

6.4CVSS5.7AI score0.00187EPSS

Exploits0References1

Patchstack•added 2026/06/05 10:52 a.m.•5 views

WordPress Simple SEO Slideshow plugin <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Simple SEO Slideshow versions = 1.2.8...

6.4CVSS5.4AI score0.00192EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/27 7:16 a.m.•22 views

CVE-2026-8873

6.4CVSS0.00187EPSS

Exploits0References3

Cvelist•added 2026/05/27 5:31 a.m.•29 views

CVE-2026-8873 Content Slideshow <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00187EPSS

Exploits0References3

CVE•added 2026/05/27 5:31 a.m.•13 views

CVE-2026-8873

The CVE-2026-8873 entry concerns the Content Slideshow WordPress plugin (versions up to 2.4.1). The vulnerability is a Stored Cross-Site Scripting (XSS) via Shortcode Attributes caused by insufficient input sanitization and output escaping. Attackers with contributor-level access and above can in...

6.4CVSS6AI score0.00187EPSS

Exploits0References3

EUVD•added 2026/05/27 5:31 a.m.•8 views

EUVD-2026-32080

6.4CVSS6AI score0.00187EPSS

Exploits0References3

ATTACKERKB•added 2026/05/27 5:31 a.m.•5 views

CVE-2026-8873

6AI score0.00187EPSS

Exploits0References4

Vulnrichment•added 2026/05/27 5:31 a.m.•8 views

CVE-2026-8873 Content Slideshow <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes