Lucene search
K

264251 matches found

Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.11 views

CVE-2026-8903 Two-factor authentication (formerly IP Vault) <= 2.1 - Cross-Site Request Forgery to Settings Update

The Two-factor authentication formerly IP Vault plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipvsavechanges function. This makes it possible for unauthenticated attackers to...

4.3CVSS5.7AI score0.00139EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.9 views

CVE-2026-8869 Mutual Funds Data <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute

The Mutual Funds Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in versions up to, and including, 1.2.1. This is due to insufficient input sanitization and output escaping on the user supplied 'title' attribute in the mfdshortcode...

6.4CVSS6AI score0.00235EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 5:31 a.m.18 views

CVE-2026-8903

The CVE concerns the WordPress plugin “Two-factor authentication (formerly IP Vault)” up to version 2.1. It is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in ipv_save_changes. This allows unauthenticated attackers to modify the plugin’s firewall and two-f...

4.3CVSS5.7AI score0.00139EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.6 views

CVE-2026-8866

The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'googleslides' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes userid, albumid, authkey, imgmax,...

6AI score0.00235EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.32 views

CVE-2026-8898 Events In City <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-events' shortcode in versions up to, and including, 3.0. This is due to insufficient input sanitization and output escaping on user supplied attributes such as 'organizerid', 'width', 'height',...

6.4CVSS0.00235EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.7 views

EUVD-2026-32070

The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-events' shortcode in versions up to, and including, 3.0. This is due to insufficient input sanitization and output escaping on user supplied attributes such as 'organizerid', 'width', 'height',...

6.4CVSS6AI score0.00235EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.30 views

CVE-2026-8866 jQuery googleslides <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'googleslides' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes userid, albumid, authkey, imgmax,...

6.4CVSS0.00235EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 5:31 a.m.19 views

CVE-2026-8866

The CVE-2026-8866 entry concerns the jQuery googleslides plugin for WordPress (versions up to 1.3). The vulnerability is a Stored Cross-Site Scripting flaw in the googleslides_handler() function, caused by insufficient input sanitization and output escaping of shortcode attributes (userid, albumi...

6.4CVSS6AI score0.00235EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.10 views

EUVD-2026-32069

The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'googleslides' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes userid, albumid, authkey, imgmax,...

6.4CVSS6AI score0.00235EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.7 views

CVE-2026-8866 jQuery googleslides <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'googleslides' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes userid, albumid, authkey, imgmax,...

6.4CVSS6AI score0.00235EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.10 views

CVE-2026-8898 Events In City <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-events' shortcode in versions up to, and including, 3.0. This is due to insufficient input sanitization and output escaping on user supplied attributes such as 'organizerid', 'width', 'height',...

6.4CVSS6AI score0.00235EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.12 views

EUVD-2026-32068

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostatsmanage function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.9 views

EUVD-2026-32066

The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the title-ticker-slide, title-ticker-fade, and title-ticker-typing shortcodes. This is due to insufficient input sanitization and output escaping on shortcode attributes notably border,...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.7 views

CVE-2026-8943

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostatsmanage function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.29 views

CVE-2026-8701 GNTT Post Title Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the title-ticker-slide, title-ticker-fade, and title-ticker-typing shortcodes. This is due to insufficient input sanitization and output escaping on shortcode attributes notably border,...

6.4CVSS0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.8 views

CVE-2026-8941

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdloffoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings ...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 5:31 a.m.18 views

CVE-2026-8941

The CVE concerns the WordPress plugin CDN Linker lite (

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.30 views

CVE-2026-8943 GoStats for WordPress <= 1.4 - Cross-Site Request Forgery via gostats_manage() Function

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostatsmanage function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.0014EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.10 views

EUVD-2026-32067

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdloffoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings ...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 5:31 a.m.18 views

CVE-2026-8701

The CVE-2026-8701 entry describes a Stored XSS in the WordPress plugin GNTT Post Title Ticker (versions

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Rows per page
Query Builder