Lucene search
K

264251 matches found

EUVD
EUVD
added 2026/05/27 5:31 a.m.10 views

EUVD-2026-32075

The My Email Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subject' shortcode attribute in the 'my-email' shortcode in all versions up to, and including, 0.91 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.8 views

CVE-2026-8871

The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...

6AI score0.00187EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.9 views

CVE-2026-8048

The My Email Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subject' shortcode attribute in the 'my-email' shortcode in all versions up to, and including, 0.91 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6AI score0.00187EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.33 views

CVE-2026-8048 My Email Shortcode <= 0.91 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]

The My Email Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subject' shortcode attribute in the 'my-email' shortcode in all versions up to, and including, 0.91 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6.4CVSS0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 5:31 a.m.18 views

CVE-2026-8871

The CVE-2026-8871 entry concerns the WordPress plugin Formidable Kinetic . It is vulnerable to a Stored Cross-Site Scripting (XSS) via the shortcodes using the attribute set of the kinetic_link shortcode, in versions up to and including 1.1.01. The root cause is insufficient input sanitization an...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.12 views

EUVD-2026-32076

The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 5:31 a.m.15 views

CVE-2026-8048

The CVE-2026-8048 entry concerns the WordPress plugin My Email Shortcode. Affected: plugin versions up to and including 0.91. Vulnerability: Stored Cross-Site Scripting via the subject attribute of the my-email shortcode, caused by insufficient input sanitization and output escaping. Impact: auth...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.11 views

CVE-2026-8048 My Email Shortcode <= 0.91 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]

The My Email Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subject' shortcode attribute in the 'my-email' shortcode in all versions up to, and including, 0.91 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.12 views

EUVD-2026-32074

The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.7 views

CVE-2026-8872 Animate Your Content <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.33 views

CVE-2026-8871 Formidable Kinetic <= 1.1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...

6.4CVSS0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.29 views

CVE-2026-8903 Two-factor authentication (formerly IP Vault) <= 2.1 - Cross-Site Request Forgery to Settings Update

The Two-factor authentication formerly IP Vault plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipvsavechanges function. This makes it possible for unauthenticated attackers to...

4.3CVSS0.00139EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.30 views

CVE-2026-8911 WP AutoBuzz <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'googleAccount' Parameter

The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

6.1CVSS0.00145EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 5:31 a.m.19 views

CVE-2026-8869

CVE-2026-8869 : The WordPress plugin Mutual Funds Data (versions &lt;= 1.2.1) is vulnerable to Stored Cross-Site Scripting via the shortcodes’ title attribute. The root cause is insufficient input sanitization and output escaping in the mfd_shortcode() function, where the user-supplied title is c...

6.4CVSS6AI score0.00235EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.29 views

CVE-2026-8869 Mutual Funds Data <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute

The Mutual Funds Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in versions up to, and including, 1.2.1. This is due to insufficient input sanitization and output escaping on the user supplied 'title' attribute in the mfdshortcode...

6.4CVSS0.00235EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.10 views

EUVD-2026-32073

The Two-factor authentication formerly IP Vault plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipvsavechanges function. This makes it possible for unauthenticated attackers to...

4.3CVSS5.7AI score0.00139EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.7 views

CVE-2026-8869

The Mutual Funds Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in versions up to, and including, 1.2.1. This is due to insufficient input sanitization and output escaping on the user supplied 'title' attribute in the mfdshortcode...

6AI score0.00235EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.11 views

CVE-2026-8911 WP AutoBuzz <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'googleAccount' Parameter

The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

6.1CVSS5.7AI score0.00145EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 5:31 a.m.19 views

CVE-2026-8911

CVE-2026-8911 affects the WordPress plugin WP AutoBuzz (versions &lt;= 1.1.1). The root cause is missing/incorrect nonce validation, enabling CSRF that can update settings and write unsanitized data via update_option, leading to a stored XSS via the googleAccount parameter and bypassing DISALLOW_...

6.1CVSS5.7AI score0.00145EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 5:31 a.m.19 views

EUVD-2026-32071

The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

6.1CVSS5.7AI score0.00145EPSS
Exploits0References4
Rows per page
Query Builder