203 matches found
WordPress OneTone theme <= 3.0.6 – Unauthenticated Stored XSS
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. id: CVE-2019-17231 info: name: WordPress OneTone theme = 3.0.6 – Unauthenticated Stored XSS author: daffainfo severity: medium description: | includes/theme-functions.php in the OneTone...
CVE-2026-5305
The CVE-2026-5305 issue affects the WordPress plugins Email Address Encoder (free) prior to 1.0.25 and Email Encoder Premium prior to 0.3.12. The root cause is improper handling of email replacement, which can allow unauthenticated attackers to perform Stored XSS. Impact per sources is high (CVE-...
CVE-2026-8071
The CVE-2026-8071 entries (NVD, CVE List, EUVD/ENISA, and VulnEnrichment) document a stored XSS vulnerability in the Anti-Spam by CleanTalk WordPress plugin. Affected: the plugin before version 6.79; Root cause: improper sanitization of content inside a custom shortcode used in the plugin’s email...
CVE-2026-7052
The CVE concerns the HT Contact Form – Drag & Drop Form Builder for WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability exists in the file_upload parameter for all versions up to 2.8.2 due to insufficient input sanitization and output escaping. Exploitation requires the Store Subm...
CVE-2026-5324
The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...
CVE-2026-5110 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Single Product Field Inside Repeater
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...
PT-2026-36594
The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...
WordPress Vagaro Booking Widget plugin <= 0.3 - Unauthenticated Stored Cross-Site Scripting via 'vagaro_code' vulnerability
Unauthenticated Stored Cross-Site Scripting via 'vagarocode' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Vagaro Booking Widget versions = 0.3...
CVE-2025-15386
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...
WordPress PixelYourSite plugin <= 11.2.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin PixelYourSite – Your smart PIXEL TAG Manager versions = 11.2.0...
WordPress Customer Reviews for WooCommerce plugin <= 5.97.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via media.href Parameter vulnerability discovered by type5afe in WordPress Plugin Customer Reviews for WooCommerce versions = 5.97.0...
CVE-2020-12132
Fifthplay S.A.M.I before 2019.3HP2 allows unauthenticated stored XSS via a POST request...
PT-2025-51810
The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying it in the WordPress admin dashboard. This...
CVE-2025-12499
CVE-2025-12499 affects the WordPress plugin Rich Shortcodes for Google Reviews (
EUVD-2020-13413
Malware in sbrugna...
EUVD-2021-11569
Malware in sbrugna...
EUVD-2021-11263
Malware in sbrugna...
EUVD-2019-7655
Malware in sbrugna...
EUVD-2017-8010
Malware in sbrugna...
EUVD-2019-4891
Malware in sbrugna...