Latest CVE Feed
-
6.4
MEDIUMCVE-2019-25264
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory ... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1252
The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for au... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2019-25294
html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in add_router_operation.php. Attackers can craft a POST request with a script payload in the Remark f... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1573
The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `omigo_donate_button` shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. ... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1608
The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `youtube` shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1611
The Wikiloops Track Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wikiloops` shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied att... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1570
The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `verse` shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13463
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenti... Read more
Affected Products : bold_page_builder- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1804
The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user suppli... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1809
The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This ma... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1821
The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey' parameter of the mt_reservation shortcode in all versions up to, and including, 0.9.29 due to insufficient input sanitization and output escaping. This make... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2021-47914
PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScrip... Read more
Affected Products : php_melody- Published: Feb. 01, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-0557
The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpda_app' shortcode in all versions up to, and including, 5.5.63 due to insufficient input sanitization and output escaping on user supplied attributes.... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1187
The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user suppl... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-0736
The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_inpost_head_script[synth_header_script]' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitizati... Read more
Affected Products : collect.chat- Published: Feb. 14, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-14851
The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `yamap` shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attrib... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-14983
The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible forauthenticated attac... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13048
The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it ... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-0556
The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xo_event_field' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied at... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2020-36931
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin proce... Read more
Affected Products :- Published: Jan. 25, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting