Lucene search
K

83789 matches found

EUVD
EUVD
added 2026/06/09 3:41 a.m.11 views

EUVD-2026-35299

The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes in the...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 a.m.8 views

CVE-2026-8883 Global Body Mass Index Calculator <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes in the...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 a.m.7 views

CVE-2026-8940 WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update

The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to chan...

4.3CVSS5.4AI score0.00128EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 3:41 a.m.19 views

CVE-2026-8883

The CVE-2026-8883 entry concerns the WordPress plugin Global Body Mass Index Calculator, affected in versions up to 1.2. The vulnerability is a Stored Cross-Site Scripting issue via the gbmicalc shortcode attributes, caused by insufficient input sanitization and output escaping in GBMI_Calc_Widge...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 3:41 a.m.21 views

CVE-2026-8940

The CVE-2026-8940 entry concerns WordPress plugin WP Meta Sort Posts (versions

4.3CVSS5.4AI score0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.34 views

CVE-2026-8940 WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update

The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to chan...

4.3CVSS0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.32 views

CVE-2026-8841 Extra Settings for RocketChat <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping in the rxstgshortcode function, which...

6.4CVSS0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 3:41 a.m.9 views

EUVD-2026-35298

The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping in the rxstgshortcode function, which...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 3:41 a.m.19 views

CVE-2026-8841

CVE-2026-8841 affects the WordPress plugin Extra Settings for RocketChat (versions ≤ 0.1). The vulnerability is a Stored Cross-Site Scripting via the rocketchat shortcode’s title attribute caused by insufficient input sanitization/output escaping in the rxstg_shortcode() function, which directly ...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 3:16 a.m.11 views

CVE-2026-7556

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS0.00241EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/09 2:28 a.m.36 views

CVE-2026-5714 Enable Media Replace <= 4.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'location_dir' Parameter

The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘locationdir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

6.4CVSS0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 2:28 a.m.10 views

EUVD-2026-35293

The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘locationdir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 2:28 a.m.38 views

CVE-2026-7556 FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS0.00241EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 2:28 a.m.24 views

CVE-2026-7556

The FV Flowplayer Video Player plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in all versions up to 7.5.49.7212. The issue arises from insufficient input sanitization and output escaping in comment text, allowing unauthenticated attackers to inject web scrip...

7.2CVSS5.7AI score0.00241EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/09 2:28 a.m.6 views

CVE-2026-7556 FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.7AI score0.00241EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/09 2:28 a.m.10 views

CVE-2026-5714

The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘locationdir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/09 2:28 a.m.11 views

EUVD-2026-35292

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.7AI score0.00241EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/09 2:28 a.m.10 views

CVE-2026-7556

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.7AI score0.00241EPSS
Exploits0References7
CVE
CVE
added 2026/06/09 2:28 a.m.23 views

CVE-2026-5714

The CVE-2026-5714 entry concerns the WordPress Enable Media Replace plugin. A stored cross-site scripting vulnerability exists via the location_dir parameter in all versions up to 4.1.8, caused by insufficient input sanitization and output escaping. This allows authenticated attackers with Author...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 2:28 a.m.7 views

CVE-2026-5714 Enable Media Replace <= 4.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'location_dir' Parameter

The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘locationdir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
Rows per page
Query Builder