Lucene search
+L

63 matches found

NVD
NVD
added 2026/07/02 12:17 p.m.7 views

CVE-2026-57764

Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

6.5CVSS0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:16 a.m.32 views

CVE-2026-57764 WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

6.5CVSS0.00139EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.10 views

CVE-2026-57764

Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

6.5CVSS5.8AI score0.00139EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 11:16 a.m.29 views

CVE-2026-57764

CVE-2026-57764 : Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Surbma | Yoast SEO Breadcrumb Shortcode, affecting versions

6.5CVSS5.8AI score0.00139EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 9:21 a.m.9 views

WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Surbma | Yoast SEO Breadcrumb Shortcode versions = 1.2...

6.5CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-55051

Name of the Vulnerable Software and Affected Versions Surbma | Yoast SEO Breadcrumb Shortcode versions prior to 1.3 Description Cross Site Scripting XSS allows an attacker with contributor privileges to execute malicious scripts in the browser of other users. XSS is a security flaw where an...

6.5CVSS6AI score0.00139EPSS
Exploits0References4
CVE
CVE
added 2026/06/27 6:50 a.m.18 views

CVE-2026-11597

The CVE concerns the WordPress plugin “Surbma | Infusionsoft Shortcode” for versions up to 2.0.1. It enables Stored Cross-Site Scripting via the infusionsoft-form shortcode by unsafely handling user-supplied account and id attributes in surbma_infusionsoft_shortcode_shortcode(), which are concate...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-1607

The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's surbma-bookingcom shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS5.7AI score0.00152EPSS
Exploits0References1
NVD
NVD
added 2026/04/14 4:17 a.m.4 views

CVE-2026-1607

The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's surbma-bookingcom shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS0.00152EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 3:37 a.m.31 views

CVE-2026-1607 Surbma | Booking.com <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's surbma-bookingcom shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS0.00152EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 3:37 a.m.2 views

CVE-2026-1607

The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's surbma-bookingcom shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS5.9AI score0.00152EPSS
Exploits0References3
CVE
CVE
added 2026/04/14 3:37 a.m.12 views

CVE-2026-1607

CVE-2026-1607 affects the Surbma | Booking.com Shortcode plugin for WordPress, up to version 2.1. The flaw arises from insufficient input sanitization and output escaping on user-supplied attributes of the surbma-bookingcom shortcode, enabling an authenticated attacker with contributor-level acce...

6.4CVSS5.9AI score0.00152EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/14 3:37 a.m.2 views

CVE-2026-1607 Surbma | Booking.com <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's surbma-bookingcom shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS5.9AI score0.00152EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/14 3:37 a.m.5 views

WordPress Surbma | Booking.com plugin <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Surbma | Booking.com Shortcode versions = 2.1...

6.4CVSS5.8AI score0.00152EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

WordPress plugin Surbma | Booking.com Shortcode 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.7AI score0.00152EPSS
Exploits0References2
NVD
NVD
added 2025/11/21 8:15 a.m.18 views

CVE-2025-11800

The Surbma | MiniCRM Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'minicrm' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00166EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/21 7:31 a.m.5 views

EUVD-2025-198412

The Surbma | MiniCRM Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'minicrm' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS4.7AI score0.00166EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/20 10:35 p.m.6 views

WordPress Surbma | MiniCRM Shortcode plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Surbma | MiniCRM Shortcode versions = 2.0...

6.4CVSS5.8AI score0.00166EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25068

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.22 views

EUVD-2023-27977

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00361EPSS
Exploits0References1
Rows per page
Query Builder