Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

263203 matches found

Vulnrichment
Vulnrichmentadded 2026/06/09 3:41 a.m.5 views

CVE-2026-10553 jQuery Hover Footnotes <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS5.5AI score0.00145EPSS
Exploits0References4
EUVD
EUVDadded 2026/06/09 3:41 a.m.7 views

EUVD-2026-35316

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References2
CVE
CVEadded 2026/06/09 3:41 a.m.16 views

CVE-2026-8904

The CVE-2026-8904 entry concerns the WordPress plugin FastPicker, up to version 1.0.2. The underlying issue is missing or incorrect nonce validation in the settingsPage function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to modify plugin settings (e.g., webhook in...

4.3CVSS5.4AI score0.00124EPSS
Exploits0References3
CVE
CVEadded 2026/06/09 3:41 a.m.14 views

CVE-2026-11603

CVE-2026-11603 affects the WordPress plugin Product Filter Widget for Elementor , vulnerable in all versions up to 1.0.6. The root cause is reflected Cross-Site Scripting via the args[filterFormArray] parameter, due to insufficient input sanitization and output escaping. The endpoint is registere...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/09 3:41 a.m.29 views

CVE-2026-10738 jQuery Hover Footnotes <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax)

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '...' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00261EPSS
Exploits0References5
CVE
CVEadded 2026/06/09 3:41 a.m.11 views

CVE-2026-10738

The CVE concerns the WordPress plugin jQuery Hover Footnotes, vulnerable in all versions up to 1.4. The root cause is insufficient input sanitization and output escaping in the Footnote Qualifier using a {{...}} syntax, enabling Stored XSS for authenticated users with author-level access and abov...

6.4CVSS5.7AI score0.00261EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/06/09 3:41 a.m.6 views

CVE-2026-8882 WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/06/09 3:41 a.m.28 views

CVE-2026-8882 WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00187EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/09 3:41 a.m.6 views

EUVD-2026-35312

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '...' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00261EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/06/09 3:41 a.m.31 views

CVE-2026-8910 WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

6.1CVSS0.0012EPSS
Exploits0References7
EUVD
EUVDadded 2026/06/09 3:41 a.m.9 views

EUVD-2026-35313

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

6.1CVSS5.4AI score0.0012EPSS
Exploits0References7
Vulnrichment
Vulnrichmentadded 2026/06/09 3:41 a.m.6 views

CVE-2026-8910 WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

6.1CVSS5.4AI score0.0012EPSS
Exploits0References7
CVE
CVEadded 2026/06/09 3:41 a.m.13 views

CVE-2026-8910

The CVE refers to the WordPress plugin WP Emoticon Rating (versions

6.1CVSS5.4AI score0.0012EPSS
Exploits0References7
Vulnrichment
Vulnrichmentadded 2026/06/09 3:41 a.m.6 views

CVE-2026-8977 WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...

6.4CVSS5.7AI score0.00193EPSS
Exploits0References5
CVE
CVEadded 2026/06/09 3:41 a.m.14 views

CVE-2026-7662

CVE-2026-7662 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin ePaperFlip Publisher (versions

6.4CVSS5.7AI score0.00198EPSS
Exploits0References3
CVE
CVEadded 2026/06/09 3:41 a.m.13 views

CVE-2026-8977

The WP GDPR Cookie Consent plugin for WordPress (versions up to and including 1.0.0) is vulnerable to Stored Cross-Site Scripting via the ninja_gdpr_ajax_actions AJAX action. The root cause is multi-fold: missing capability and nonce checks in handleAjaxCalls(), insufficient input sanitization of...

6.4CVSS5.7AI score0.00193EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/06/09 3:41 a.m.28 views

CVE-2026-7662 ePaperFlip Publisher <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'publicationid' Shortcode Attribute

The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the epaperflipembed shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on the shortcode attribute whic...

6.4CVSS0.00198EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/09 3:41 a.m.7 views

EUVD-2026-35309

The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the epaperflipembed shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on the shortcode attribute whic...

6.4CVSS5.7AI score0.00198EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/06/09 3:41 a.m.30 views

CVE-2026-8977 WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...

6.4CVSS0.00193EPSS
Exploits0References5
EUVD
EUVDadded 2026/06/09 3:41 a.m.5 views

EUVD-2026-35310

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...

6.4CVSS5.7AI score0.00193EPSS
Exploits0References5
Rows per page
Query Builder