Lucene search
K

264432 matches found

NVD
NVD
added 2026/05/27 7:16 a.m.16 views

CVE-2026-8899

The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on the shortcode's 'width' and 'height' attributes in the athnthumbnail...

6.4CVSS0.00198EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.13 views

CVE-2026-8938

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.0014EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.14 views

CVE-2026-8939

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

4.3CVSS0.0014EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.19 views

CVE-2026-8943

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostatsmanage function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.0014EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.18 views

CVE-2026-8911

The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

6.1CVSS0.00145EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 7:16 a.m.14 views

CVE-2026-8994

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

8.1CVSS0.0039EPSS
Exploits0References5
NVD
NVD
added 2026/05/27 7:16 a.m.14 views

CVE-2026-8877

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remvideo' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the...

6.4CVSS0.00235EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.15 views

CVE-2026-8884

The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00217EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.18 views

CVE-2026-8887

The Listen Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'listen' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes src, start, end in the listenEmbedJS function,...

6.4CVSS0.00235EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.14 views

CVE-2026-8897

The Shortcode Buddy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 0.1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...

6.4CVSS0.00235EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.14 views

CVE-2026-8894

The iWR Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's iwrtooltip shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the iwrtooltip shortcode handler — the...

6.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.16 views

CVE-2026-8898

The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-events' shortcode in versions up to, and including, 3.0. This is due to insufficient input sanitization and output escaping on user supplied attributes such as 'organizerid', 'width', 'height',...

6.4CVSS0.00235EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.17 views

CVE-2026-8875

The Easy Prism Syntax Highlighter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'code' and 'c' shortcode in versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes in the...

6.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.12 views

CVE-2026-8891

The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes 'width' and 'height' in the...

6.4CVSS0.00193EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 7:16 a.m.15 views

CVE-2026-8869

The Mutual Funds Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in versions up to, and including, 1.2.1. This is due to insufficient input sanitization and output escaping on the user supplied 'title' attribute in the mfdshortcode...

6.4CVSS0.00235EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.16 views

CVE-2026-8870

The Team Master – A Modern WordPress Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.0019EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 7:16 a.m.19 views

CVE-2026-8872

The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the...

6.4CVSS0.00193EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 7:16 a.m.22 views

CVE-2026-8873

The Content Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...

6.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.28 views

CVE-2026-8868

The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes autocomplete, label,...

6.4CVSS0.00235EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.18 views

CVE-2026-8867

The Post Category Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'postcategorygallery' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as...

6.4CVSS0.00198EPSS
Exploits0References3
Rows per page
Query Builder