Latest CVE Feed
-
6.4
MEDIUMCVE-2026-1097
The ThemeRuby Multi Authors – Assign Multiple Writers to Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' shortcode attributes in all versions up to, and including, 1.0.0 due to insufficient input saniti... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2019-25317
Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the p... Read more
Affected Products : kimai- Published: Feb. 11, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-12116
The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with ... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-0914
The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw_content_block' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user suppl... Read more
Affected Products : wp_dsgvo_tools- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-12117
The Renden theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2021-47913
PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hi... Read more
Affected Products : php_melody- Published: Feb. 01, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2020-37103
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary ... Read more
Affected Products : dotnetnuke- Published: Feb. 03, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2019-25264
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory ... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1098
The CM CSS Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' shortcode attribute in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13738
The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ez-toc` shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attri... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-14525
A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configu... Read more
Affected Products : kubevirt- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Denial of Service
-
6.4
MEDIUMCVE-2025-14941
The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing capability checks on multiple AJAX handlers combined with insufficient input s... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
6.4
MEDIUMCVE-2026-1244
The Forms Bridge – Infinite integrations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in the 'financoop_campaign' shortcode in all versions up to, and including, 4.2.5. This is due to insufficient inpu... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-9082
The WPBITS Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget parameters in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping when dynamic content is enabl... Read more
Affected Products : wpbits_addons_for_elementor_page_builder- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-8072
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder_img’ parameter in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping. This makes it possi... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-14039
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_simple_folio_item_client_name' and '_simple_folio_item_link' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and ou... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1295
The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on shortc... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-36436
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to... Read more
Affected Products : cloud_pak_for_business_automation- Published: Feb. 02, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1570
The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `verse` shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1922
The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ecs-list-events` shortcode `message` attribute in all versions up to, and including, 3.1.2 due to insufficient input sanitization... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting