Lucene search
K

83788 matches found

EUVD
EUVD
added 2026/06/09 3:41 a.m.10 views

EUVD-2026-35315

The FastPicker, an order picker and order management system oms for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the settingsPage function. This makes i...

4.3CVSS5.4AI score0.00124EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 3:41 a.m.11 views

EUVD-2026-35314

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS5.5AI score0.00145EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/09 3:41 a.m.10 views

EUVD-2026-35316

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 a.m.8 views

CVE-2026-10553 jQuery Hover Footnotes <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS5.5AI score0.00145EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.33 views

CVE-2026-8910 WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

6.1CVSS0.0012EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 a.m.7 views

CVE-2026-8910 WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

6.1CVSS5.4AI score0.0012EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/09 3:41 a.m.11 views

EUVD-2026-35313

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

6.1CVSS5.4AI score0.0012EPSS
Exploits0References7
CVE
CVE
added 2026/06/09 3:41 a.m.20 views

CVE-2026-8910

The CVE refers to the WordPress plugin WP Emoticon Rating (versions

6.1CVSS5.4AI score0.0012EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 a.m.10 views

CVE-2026-8882 WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 3:41 a.m.15 views

CVE-2026-10738

The CVE concerns the WordPress plugin jQuery Hover Footnotes, vulnerable in all versions up to 1.4. The root cause is insufficient input sanitization and output escaping in the Footnote Qualifier using a {{...}} syntax, enabling Stored XSS for authenticated users with author-level access and abov...

6.4CVSS5.7AI score0.00253EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.30 views

CVE-2026-10738 jQuery Hover Footnotes <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax)

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '...' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00253EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.31 views

CVE-2026-8882 WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 3:41 a.m.10 views

EUVD-2026-35309

The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the epaperflipembed shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on the shortcode attribute whic...

6.4CVSS5.7AI score0.00192EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 a.m.7 views

CVE-2026-8977 WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/09 3:41 a.m.9 views

EUVD-2026-35310

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 3:41 a.m.20 views

CVE-2026-8977

The WP GDPR Cookie Consent plugin for WordPress (versions up to and including 1.0.0) is vulnerable to Stored Cross-Site Scripting via the ninja_gdpr_ajax_actions AJAX action. The root cause is multi-fold: missing capability and nonce checks in handleAjaxCalls(), insufficient input sanitization of...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 3:41 a.m.20 views

CVE-2026-7662

CVE-2026-7662 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin ePaperFlip Publisher (versions

6.4CVSS5.7AI score0.00192EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.30 views

CVE-2026-7662 ePaperFlip Publisher <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'publicationid' Shortcode Attribute

The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the epaperflipembed shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on the shortcode attribute whic...

6.4CVSS0.00192EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 a.m.11 views

CVE-2026-8902 AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update

The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rcoptionspage function. This makes it possible for unauthenticated attackers to modify plugin settings...

4.3CVSS5.4AI score0.00124EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 3:41 a.m.20 views

CVE-2026-8902

CVE-2026-8902 affects the WordPress plugin “AJAX Report Comments” (versions ≤ 2.0.4). The vulnerability stems from missing or incorrect nonce validation on the rc_options_page function, enabling Cross‑Site Request Forgery. This allows unauthenticated attackers to forge requests and modify plugin ...

4.3CVSS5.4AI score0.00124EPSS
Exploits0References3
Rows per page
Query Builder