Export limit exceeded: 46988 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46988 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57333 | 2 Spencer Haws, Wordpress | 2 Link Whisper Free, Wordpress | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions. | ||||
| CVE-2026-57336 | 2 Astoundify, Wordpress | 2 Jobify, Wordpress | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions. | ||||
| CVE-2026-57338 | 2 Reputeinfosystems, Wordpress | 2 Arforms, Wordpress | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions. | ||||
| CVE-2026-50765 | 1 Koha | 1 Library Management System | 2026-06-29 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label (display_text field). | ||||
| CVE-2026-50767 | 1 Koha | 1 Library Management System | 2026-06-29 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg). | ||||
| CVE-2025-68074 | 2 Ghozylab, Wordpress | 2 Image Carousel, Wordpress | 2026-06-29 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions. | ||||
| CVE-2025-68075 | 2 Kerry, Wordpress | 2 Bne Testimonials, Wordpress | 2026-06-29 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions. | ||||
| CVE-2026-56039 | 2 Wordpress, Wordpress.com | 2 Wordpress, Quick Interest Slider | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions. | ||||
| CVE-2026-56040 | 2 Wordpress, Wordpress.com | 2 Wordpress, Gutenverse Form | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions. | ||||
| CVE-2026-56047 | 2 Perfmatters, Powered Kinsta + Generatepress Docs Changelog Feature Requests Legal Affiliate Contact, Wordpress | 2 Perfmatters, Wordpress | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions. | ||||
| CVE-2026-57325 | 2 Jellywp, Wordpress | 2 Nanomag, Wordpress | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions. | ||||
| CVE-2026-57618 | 2 Themeisle, Wordpress | 2 Neve Pro, Wordpress | 2026-06-29 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions. | ||||
| CVE-2026-57638 | 2 Wordpress, Wpmanageninja | 2 Wordpress, Fluent Booking | 2026-06-29 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions. | ||||
| CVE-2026-57651 | 2 Nk, Wordpress | 2 Ghost Kit, Wordpress | 2026-06-29 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions. | ||||
| CVE-2026-57656 | 2 Peregrinethemes, Wordpress | 2 Hester Core, Wordpress | 2026-06-29 | 5.9 Medium |
| Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions. | ||||
| CVE-2026-31928 | 1 Daktronics | 3 Dmp-5000, Dmp-8000, Vfc-dmp-5000 | 2026-06-29 | 8.1 High |
| The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access. | ||||
| CVE-2026-13335 | 2 Codepeople, Wordpress | 2 Codepeople Post Map For Google Maps, Wordpress | 2026-06-29 | 6.4 Medium |
| The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-13245 | 2 Maxfoundry, Wordpress | 2 Maxbuttons – Create Buttons, Wordpress | 2026-06-29 | 6.1 Medium |
| The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2026-9677 | 2 Shariff For Wordpress, Wordpress | 2 Shariff For Wordpress, Wordpress | 2026-06-29 | 4.8 Medium |
| The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariff_infourl setting before outputting it in the frontend HTML via the generateshariff() function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2026-11597 | 2 Surbma, Wordpress | 2 Surbma | Infusionsoft Shortcode, Wordpress | 2026-06-29 | 6.4 Medium |
| The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode attributes in the surbma_infusionsoft_shortcode_shortcode() function, which are concatenated directly into a <script> tag's src attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||