CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

Vulnrichment•added 2026/01/24 8:26 a.m.•2 views

CVE-2026-1098 CM CSS Columns <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Shortcode Attribute

The CM CSS Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' shortcode attribute in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6AI score0.00052EPSS

Exploits0References3

ATTACKERKB•added 2026/01/24 8:26 a.m.•1 views

CVE-2026-1098

6.4CVSS6AI score0.00052EPSS

Exploits0References4

CVE•added 2026/01/24 8:26 a.m.•11 views

CVE-2026-1098

CVE-2026-1098 refers to the WordPress plugin CM CSS Columns, affected in versions up to and including 1.2.1. The vulnerability is a Stored Cross-Site Scripting (XSS) via the shortcodes attribute ‘tag’, caused by insufficient input sanitization and output escaping on user-supplied attributes. Expl...

6.4CVSS5.8AI score0.00052EPSS

Exploits0References3

Cvelist•added 2026/01/24 8:26 a.m.•30 views

CVE-2026-1098 CM CSS Columns <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Shortcode Attribute

6.4CVSS0.00052EPSS

Exploits0References3

Patchstack•added 2026/01/24 5:52 a.m.•4 views

WordPress CM CSS Columns plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'tag' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin CM CSS Columns versions = 1.2.1...

6.4CVSS5.4AI score0.00052EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/01/24 12:0 a.m.•5 views

PT-2026-4596

6.4CVSS5.8AI score0.00052EPSS

Exploits0References4

Cvelist•added 2025/10/03 11:17 a.m.•4 views

CVE-2025-9129 Flexi <= 4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via flexi-form-tag Shortcode

The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's flexi-form-tag shortcode in all versions up to, and including, 4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00032EPSS

Exploits0References3

Vulnrichment•added 2025/10/03 11:17 a.m.•2 views

CVE-2025-9129 Flexi <= 4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via flexi-form-tag Shortcode

6.4CVSS4.7AI score0.00032EPSS

Exploits0References3

Positive Technologies•added 2024/06/12 12:0 a.m.•2 views

PT-2024-35406 · WordPress · Download Manager Pro

Name of the Vulnerable Software and Affected Versions: Download Manager Pro plugin for WordPress versions up to, and including, 3.2.92 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in certain shortcodes, including wpdm user...

6.4CVSS7.2AI score0.00759EPSS

Exploits0References19

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by