Lucene search
K

114 matches found

Nuclei
Nuclei
added 17 hours ago24 views

Site Reviews < 7.2.5 - Unauthenticated Stored XSS

Site Reviews WordPress plugin before 7.2.5 contains a stored cross-site scripting caused by improper sanitization and escaping of review fields, letting unauthenticated users execute malicious scripts, exploit requires no authentication. id: CVE-2025-1232 info: name: Site Reviews 7.2.5 -...

8.8CVSS7.1AI score0.01856EPSS
Exploits1References3
NVD
NVD
added 3 days ago8 views

CVE-2026-57625

Unauthenticated Cross Site Scripting XSS in Admin and Site Enhancements ASE Pro = 8.8.5 versions...

9.6CVSS0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-57675 WordPress WP Photo Album Plus plugin <= 9.2.02.004 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...

7.1CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 3 days ago9 views

CVE-2026-57361

The CVE-2026-57361 entry affects the WordPress Survey Maker plugin ≤ 5.2.2.5, describing an unauthenticated Cross-Site Scripting (XSS) vulnerability. The provided documents specify the vulnerable software and vulnerability type, but do not include technical details about the root cause, impact sp...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-57349

CVE-2026-57349 affects the WordPress plugin WPeMatico RSS Feed Fetcher (versions

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
CVE
CVE
added 6 days ago13 views

CVE-2026-57333

CVE-2026-57333 describes an unauthenticated reflected Cross Site Scripting (XSS) vulnerability in the WordPress plugin Link Whisper Free , affecting versions up to and including 0.9.4 . The connected sources consistently identify it as a reflected XSS issue in the Free plugin; no root-cause detai...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.32 views

CVE-2026-56044 WordPress Blog2Social plugin <= 8.9.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Blog2Social = 8.9.2 versions...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.4 views

EUVD-2026-39704

Unauthenticated Cross Site Scripting XSS in Customer Reviews for WooCommerce = 5.110.1 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 5:33 a.m.15 views

CVE-2026-9643

WP Meta SEO for WordPress insert(). This allows injection of arbitrary scripts that execute when an administrator visits the 404 & Redirects admin page (/wp-admin/admin.php?page=metaseo_broken_link). Exploitation details are not provided beyond the generic flow; no fixes, mitigations, or exploita...

7.2CVSS6AI score0.00241EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 2:17 p.m.7 views

CVE-2025-69140

Unauthenticated Cross Site Scripting XSS in SweetDate Core 1.1.5 versions...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.9 views

CVE-2026-22328

CVE-2026-22328 corresponds to a reflected XSS in WordPress Theme Auto Repair &lt;= 22.6, described as unauthenticated in the Initial description and reflected XSS in the product detail. CVSS shows Network attack vector, no privileges required, low impact to confidentiality/integrity/availability,...

7.1CVSS5.1AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.15 views

CVE-2026-48966

Unauthenticated Cross Site Scripting XSS in Funnel Builder by FunnelKit = 3.15.0.2 versions...

7.1CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.24 views

CVE-2025-68840 WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...

7.1CVSS0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49444

Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.6.7 versions...

7.2CVSS5.1AI score0.00195EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/05 1:24 p.m.38 views

CVE-2026-50231 Lyrion Music Server 9.2.0 Unauthenticated Stored XSS via server.log

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS0.00183EPSS
Exploits2References2
NVD
NVD
added 2026/05/02 9:16 a.m.9 views

CVE-2026-5324

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS0.00401EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/02 8:27 a.m.3 views

CVE-2026-5324

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS6AI score0.00401EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/05/01 9:31 a.m.5 views

WordPress Marijuana Age Verify plugin <= 1.5.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Marijuana Age Verify versions = 1.5.5...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/12 8:57 p.m.10 views

GO-2026-4669 SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel

SiYuan has a SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel...

6.4CVSS5.8AI score0.00505EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/10 8:58 p.m.26 views

CVE-2026-31809 SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string bypasses this prefi...

6.4CVSS0.00505EPSS
Exploits1References1
Rows per page
Query Builder