263203 matches found
WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by dodoh4t in WordPress Plugin SEO Redirection versions = 9.17...
WordPress Fediverse Embeds plugin <= 1.5.7 - Unauthenticated SSRF vulnerability
Unauthenticated SSRF vulnerability discovered by 0xBassia in WordPress Plugin Fediverse Embeds versions = 1.5.7...
Exploit for CVE-2026-8809
CVE-2026-8809 Advanced Custom Fields: Extended = 0.9.2.5 -...
CVE-2026-9269
The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...
CVE-2026-9269 Secure Copy Content Protection and Content Locking < 5.1.5 - Admin+ Stored XSS via ays_sccp_sub_icon_image Parameter
The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...
EUVD-2026-36387
The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...
CVE-2026-9269 Secure Copy Content Protection and Content Locking < 5.1.5 - Admin+ Stored XSS via ays_sccp_sub_icon_image Parameter
The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...
CVE-2026-9269
The CVE pertains to the WordPress plugin “Secure Copy Content Protection and Content Locking” prior to version 5.1.5, which fails to sanitize and escape certain settings. This enables Stored XSS for high-privilege users (e.g., admin), even when unfiltered_html is disallowed (such as in multisite ...
CVE-2026-47365
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
WordPress Fediverse Embeds plugin <= 1.5.7 - Unauthenticated SSRF vulnerability
Unauthenticated SSRF vulnerability discovered by 0xBassia in WordPress Plugin Fediverse Embeds versions = 1.5.7...
EUVD-2026-36376
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
CVE-2026-47365
CVE-2026-47365 affects WordPress Toolkit (before 6.11.0) as used in cPanel & WHM. An argument injection flaw enables remote authenticated users to bypass cross-tenant authorization and run arbitrary wp-toolkit CLI commands as another account. The description and connected records confirm the affe...
CVE-2026-47365
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
CVE-2026-47365
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
CVE-2026-9125
The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...
EUVD-2026-36372
The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...
CVE-2026-9125 The Ultimate Video Player For WordPress <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link_url' Shortcode Attribute
The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...
CVE-2026-9125 The Ultimate Video Player For WordPress <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link_url' Shortcode Attribute
The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...
PT-2026-48837
Name of the Vulnerable Software and Affected Versions WP Time Slots Booking Form versions prior to 1.2.47 Description Unauthenticated Cross Site Scripting XSS allows an attacker to execute malicious scripts in the browser of a user without requiring authentication. Recommendations Update to a...
PT-2026-48832
The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed for...