Lucene search
K

264432 matches found

NVD
NVD
added 2026/05/27 7:16 a.m.16 views

CVE-2026-8846

The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'TUXQUOTE' shortcode in versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes 'title', 'align', and 'width' in the tuxquotebuildforma...

6.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.18 views

CVE-2026-8837

The WP Iframe Geo Style for Amazon affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'adid' Shortcode Attribute in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.16 views

CVE-2026-8842

The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes 'id' and 'name' in the...

6.4CVSS0.00198EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.17 views

CVE-2026-8844

The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rspcheck' shortcode in versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping on the 'url' and 'button' shortcode attributes in the rspccheckshortcode...

6.4CVSS0.00204EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 7:16 a.m.15 views

CVE-2026-8845

The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user-supplied 'width' and 'height' shortcode attributes within th...

6.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.18 views

CVE-2026-8847

The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dideo' shortcode in version 1.0. This is due to insufficient input sanitization and output escaping on the 'id' shortcode attribute, which is interpolated directly into an HTML iframe 'src' attribute...

6.4CVSS0.00198EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.19 views

CVE-2026-8866

The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'googleslides' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes userid, albumid, authkey, imgmax,...

6.4CVSS0.00235EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.9 views

CVE-2026-8048

The My Email Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subject' shortcode attribute in the 'my-email' shortcode in all versions up to, and including, 0.91 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.8 views

CVE-2026-8698

The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the asgetcoinshortcode function, which renders the 'width' and 'height' shortcode attribute directly into the style attribut...

6.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.20 views

CVE-2026-8701

The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the title-ticker-slide, title-ticker-fade, and title-ticker-typing shortcodes. This is due to insufficient input sanitization and output escaping on shortcode attributes notably border,...

6.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.12 views

CVE-2026-8702

The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This is due to insufficient output escaping in the gbitoprintshortcode function, which concatenates the raw shortcode attribute value directly...

6.4CVSS0.00156EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 7:16 a.m.16 views

CVE-2026-8703

The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a...

6.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.16 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS0.00211EPSS
Exploits0References5
NVD
NVD
added 2026/05/27 7:16 a.m.12 views

CVE-2026-8760

The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...

9.8CVSS0.00595EPSS
Exploits0References10
NVD
NVD
added 2026/05/27 7:16 a.m.9 views

CVE-2026-8708

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

4.3CVSS0.00128EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 7:16 a.m.9 views

CVE-2026-7614

The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00128EPSS
Exploits0References5
NVD
NVD
added 2026/05/27 7:16 a.m.10 views

CVE-2026-8040

The faq shortocde plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in the 'faq' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.15 views

CVE-2026-6268

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpresscustomizernotifydismissaction AJAX handler before outputting it back in the response, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting attacks against logged-in...

7.1CVSS0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 6:46 a.m.11 views

EUVD-2026-32107

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcaadminajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce b...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 6:46 a.m.7 views

CVE-2026-3895 WPBakery Page Builder Addons by Livemesh <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcaadminajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce b...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References4
Rows per page
Query Builder