Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

264249 matches found

EUVD
EUVDadded 2026/05/27 5:31 a.m.12 views

EUVD-2026-32088

The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rspcheck' shortcode in versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping on the 'url' and 'button' shortcode attributes in the rspccheckshortcode...

6.4CVSS6AI score0.00204EPSS
Exploits0References4
CVE
CVEadded 2026/05/27 5:31 a.m.18 views

CVE-2026-8844

CVE-2026-8844 affects the WordPress plugin Responsive Check (Real-time version) up to 0.0.3. The vulnerability stems from the rspc_check_shortcode() function: the shortcode attributes url and button are echoed into iframe src attributes without proper escaping (esc_attr/esc_url), causing stored X...

6.4CVSS6AI score0.00204EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/27 5:31 a.m.10 views

EUVD-2026-32089

The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dideo' shortcode in version 1.0. This is due to insufficient input sanitization and output escaping on the 'id' shortcode attribute, which is interpolated directly into an HTML iframe 'src' attribute...

6.4CVSS6AI score0.00198EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/27 5:31 a.m.8 views

CVE-2026-8844

The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rspcheck' shortcode in versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping on the 'url' and 'button' shortcode attributes in the rspccheckshortcode...

6AI score0.00204EPSS
Exploits0References5
CVE
CVEadded 2026/05/27 5:31 a.m.22 views

CVE-2026-8847

The CVE-2026-8847 entry concerns the WordPress Dideo plugin (version 1.0) with a Stored XSS flaw in the dideo shortcode. The root cause is insufficient input sanitization and output escaping on the id attribute, which is inserted into an iframe src without escaping in the dideo() handler. Attacke...

6.4CVSS6AI score0.00198EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/27 5:31 a.m.8 views

CVE-2026-8844 Responsive Check <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rspcheck' shortcode in versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping on the 'url' and 'button' shortcode attributes in the rspccheckshortcode...

6.4CVSS6AI score0.00204EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/27 5:31 a.m.9 views

CVE-2026-8847 Dideo <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dideo' shortcode in version 1.0. This is due to insufficient input sanitization and output escaping on the 'id' shortcode attribute, which is interpolated directly into an HTML iframe 'src' attribute...

6.4CVSS6AI score0.00198EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/27 5:31 a.m.7 views

EUVD-2026-32086

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetstats function in versions up to, and including, 1.3. The function is hooked to both the wpajaxwpp-resetstats and wpajaxnoprivwpp-resetstats actions and contains n...

5.3CVSS5.8AI score0.00268EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/27 5:31 a.m.11 views

EUVD-2026-32085

The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/27 5:31 a.m.10 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6AI score0.00211EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/05/27 5:31 a.m.33 views

CVE-2026-9014 WP Promoter <= 1.3 - Missing Authorization to Unauthenticated Statistics Reset via wpp-reset_stats AJAX Action

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetstats function in versions up to, and including, 1.3. The function is hooked to both the wpajaxwpp-resetstats and wpajaxnoprivwpp-resetstats actions and contains n...

5.3CVSS0.00268EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/27 5:31 a.m.32 views

CVE-2026-7614 Old Posts Highlighter <= 1.0.3 - Cross-Site Request Forgery to Settings Update

The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00128EPSS
Exploits0References5
CVE
CVEadded 2026/05/27 5:31 a.m.21 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF in all versions up to 1.2.4 due to insufficient input sanitization and output escaping. Affected: WordPress plugin NS Product icon badge; vulnerable component: code handling user input/outp...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/27 5:31 a.m.10 views

EUVD-2026-32087

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
CVE
CVEadded 2026/05/27 5:31 a.m.17 views

CVE-2026-9014

The CVE describes a vulnerability in the WordPress WP Promoter plugin (versions

5.3CVSS5.8AI score0.00268EPSS
Exploits0References3
CVE
CVEadded 2026/05/27 5:31 a.m.23 views

CVE-2026-7614

CVE-2026-7614 affects the WordPress plugin Old Posts Highlighter up to version 1.0.3. The root cause is missing or incorrect nonce validation on the OPH_options function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to update the plugin’s configuration by deceiving a...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/27 5:31 a.m.31 views

CVE-2026-8707 NS Product icon badge <= 1.2.4 - Reflected Cross-Site Scripting via PHP_SELF

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS0.00211EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/27 5:31 a.m.9 views

CVE-2026-7614

The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...

5.7AI score0.00128EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/05/27 5:31 a.m.9 views

CVE-2026-9014

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetstats function in versions up to, and including, 1.3. The function is hooked to both the wpajaxwpp-resetstats and wpajaxnoprivwpp-resetstats actions and contains n...

5.3CVSS5.8AI score0.00268EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/27 5:31 a.m.11 views

CVE-2026-8707 NS Product icon badge <= 1.2.4 - Reflected Cross-Site Scripting via PHP_SELF

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
Rows per page
Query Builder