Lucene search
K

6446 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.7 views

CVE-2026-1908

The Integration with Hubspot Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hubspotform' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.5 views

CVE-2026-2121

The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addclass' parameter in all versions up to, and including, 1.8.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

4.4CVSS6AI score0.00203EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.5 views

CVE-2026-3045

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: 1 a non-user-bound publicnonce is exposed to unauthenticated users...

7.5CVSS5.8AI score0.0029EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

WordPress plugin Shared Files 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.8CVSS5.8AI score0.0043EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.9 views

WordPress plugin Trendustry 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00512EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 6:31 a.m.4 views

EUVD-2026-14735

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a processnow parameter from unauthenticated users, which bypasses the intended email-confirmation...

9.1CVSS5.8AI score0.00431EPSS
Exploits0References8
CVE
CVE
added 2026/03/23 11:58 p.m.13 views

CVE-2026-33290

WPGraphQL (WordPress) before 2.10.0 has an authorization flaw in updateComment that lets authenticated low-privileged users (including roles with zero capabilities) alter their own comment’s moderation status (e.g., APPROVE) without moderate_comments permission. Details from the CVE show owner-ba...

4.3CVSS5.8AI score0.00177EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/21 6:30 a.m.5 views

EUVD-2026-13994

The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fyyd-podcast', 'fyyd-episode', and 'fyyd' shortcodes in all versions up to, and including, 0.3.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode...

6.4CVSS6AI score0.0025EPSS
Exploits0References14
EUVD
EUVD
added 2026/03/21 6:30 a.m.4 views

EUVD-2026-13984

The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wpajaxnopriv without proper authentication checks, capability verificatio...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References8
EUVD
EUVD
added 2026/03/21 6:30 a.m.11 views

EUVD-2026-13985

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uipsaveglobalsettings' function in all versions up to, and including, 3.5.09. This makes it possible for...

4.3CVSS5.9AI score0.00192EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/21 6:30 a.m.3 views

EUVD-2026-13996

The WPFAQBlock– FAQ & Accordion Plugin For Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'wpfaqblock' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS6AI score0.00243EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.29 views

CVE-2026-3347 Multi Functional Flexi Lightbox <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter

The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...

5.5CVSS0.0026EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.5 views

PT-2026-26873

The Ecover Builder For Dummies plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'ecover' shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on the user-supplied 'id' shortcode...

6.4CVSS6AI score0.00201EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/03/20 8:55 p.m.7 views

WordPress Image Alt Text Manager plugin <= 1.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Title vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Post Title vulnerability discovered by WordFence in WordPress Plugin Alt Manager versions = 1.8.2...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 7:37 p.m.7 views

The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI

Impact The Query Monitor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'REQUESTURI' parameter in all versions up to, and including, 3.20.3 due to insufficient output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS5.9AI score0.00302EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/19 8:7 a.m.28 views

CVE-2025-50001 WordPress tagDiv Composer plugin <= 5.4.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through = 5.4.2...

7.1CVSS0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/18 6:31 a.m.5 views

EUVD-2026-12764

The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpssfwadmincancelsusbcription function in all versions up to, and including, 1.9.2. This is due to the function being hooked to the init action withou...

5.3CVSS5.9AI score0.00307EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/13 9:31 p.m.3 views

EUVD-2026-11786

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...

4.3CVSS5.7AI score0.00207EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.8 views

PT-2026-25161

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization of the fcontent fie...

6.4CVSS6AI score0.00235EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/03/12 11:0 a.m.211 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Really-Simple-Plugins Really_Simple_Security

CVE-2024-10924 — WordPress Auth Bypass Toolkit Really Sim...

9.8CVSS5.6AI score0.81722EPSS
Exploits21
Rows per page
Query Builder