Lucene search
K

264410 matches found

CVE
CVE
added 2026/05/27 5:31 a.m.17 views

CVE-2026-9200

CVE-2026-9200 affects the WordPress Query Shortcode plugin, vulnerable up to version 0.2.1. The vulnerability exists in the shortcode function, enabling Local File Inclusion. An authenticated attacker with contributor-level access or higher could include and execute arbitrary PHP files on the ser...

7.5CVSS6.4AI score0.00495EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.7 views

CVE-2026-8870

The Team Master – A Modern WordPress Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6AI score0.0019EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.7 views

CVE-2026-9200

The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary .php files on the...

7.5CVSS6.4AI score0.00495EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.6 views

CVE-2026-8702

The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This is due to insufficient output escaping in the gbitoprintshortcode function, which concatenates the raw shortcode attribute value directly...

6AI score0.00156EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 5:31 a.m.24 views

CVE-2026-8870

The Team Master – A Modern WordPress Team Showcase plugin for WordPress (versions up to 1.1.2) is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access can inject arbitra...

6.4CVSS6AI score0.0019EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.10 views

CVE-2026-8702 GBI To Print <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'div' Shortcode Attribute

The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This is due to insufficient output escaping in the gbitoprintshortcode function, which concatenates the raw shortcode attribute value directly...

6.4CVSS6AI score0.00156EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.7 views

CVE-2026-8939

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.7 views

CVE-2026-8938 auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.32 views

CVE-2026-8939 Search Simple Fields <= 0.2 - Cross-Site Request Forgery to Plugin Settings Update

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

4.3CVSS0.0014EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 5:31 a.m.21 views

CVE-2026-8842

The CVE-2026-8842 vulnerability affects the WordPress plugin Google+ Link Name (versions

6.4CVSS6AI score0.00198EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.11 views

CVE-2026-8938

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.6 views

CVE-2026-8939 Search Simple Fields <= 0.2 - Cross-Site Request Forgery to Plugin Settings Update

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.8 views

CVE-2026-8842 Google+ Link Name <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes 'id' and 'name' in the...

6.4CVSS6AI score0.00198EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.31 views

CVE-2026-8938 auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.0014EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 5:31 a.m.18 views

CVE-2026-8939

The CVE-2026-8939 entry concerns the WordPress plugin Search Simple Fields (

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.7 views

EUVD-2026-32059

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.27 views

CVE-2026-8842 Google+ Link Name <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes 'id' and 'name' in the...

6.4CVSS0.00198EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.9 views

EUVD-2026-32058

The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes 'id' and 'name' in the...

6.4CVSS6AI score0.00198EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.10 views

EUVD-2026-32060

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.8 views

CVE-2026-8842

The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes 'id' and 'name' in the...

6AI score0.00198EPSS
Exploits0References4
Rows per page
Query Builder