Latest CVE Feed
-
6.4
MEDIUMCVE-2026-0742
The Smart Appointment & Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saab_save_form_data AJAX action in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user suppli... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1915
The Simple Plyr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'poster' parameter in the 'plyr' shortcode in all versions up to, and including, 0.0.1 due to insufficient input sanitization and output escaping on user supplied at... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1939
The Percent to Infograph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `percent_to_graph` shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attribute... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2022-50941
BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts,... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2022-50797
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potent... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2020-36998
Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbi... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1888
The Docus – YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied ... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2019-25263
Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatica... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2020-36955
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the ... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-8072
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder_img’ parameter in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping. This makes it possi... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-15267
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping on user supplied... Read more
Affected Products : bold_page_builder- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1097
The ThemeRuby Multi Authors – Assign Multiple Writers to Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' shortcode attributes in all versions up to, and including, 1.0.0 due to insufficient input saniti... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-12159
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_raw_content shortcode in all versions up to, and including, 5.4.8 due to insufficient input sanitization and output escaping on user supplied at... Read more
Affected Products : bold_page_builder- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1922
The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ecs-list-events` shortcode `message` attribute in all versions up to, and including, 3.1.2 due to insufficient input sanitization... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2020-36978
Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administra... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1295
The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on shortc... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-0555
The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and... Read more
Affected Products : premmerce- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2019-25301
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' paramete... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2022-50952
Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user int... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2019-25265
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups pa... Read more
Affected Products : online_invoicing_system- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting