Search Results (47123 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57354 2026-07-02 6.5 Medium
Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 versions.
CVE-2026-57672 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in wpDataTables <= 6.5.1.1 versions.
CVE-2026-57722 2 Shortpixel, Wordpress 2 Enable Media Replace, Wordpress 2026-07-02 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1.
CVE-2026-57360 2 Implecode, Wordpress 2 Ecommerce Product Catalog, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in eCommerce Product Catalog <= 3.5.4 versions.
CVE-2026-57764 2026-07-02 6.5 Medium
Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.
CVE-2026-57686 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 1.6.14 versions.
CVE-2026-57678 2 Themepunch, Wordpress 2 Slider Revolution, Wordpress 2026-07-02 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16.
CVE-2026-4772 2026-07-02 5.4 Medium
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.
CVE-2026-4770 2026-07-02 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117.
CVE-2026-57737 2 Averta, Wordpress 2 Shortcodes And Extra Features For Phlox Theme, Wordpress 2026-07-02 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16.
CVE-2026-57359 2 Reviewx, Wordpress 2 Reviewx, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in ReviewX <= 2.3.10 versions.
CVE-2026-14449 2026-07-02 N/A
u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components
CVE-2026-55660 2026-07-02 N/A
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler, the OAuth authentication popup handler, and the admin↔preview iframe GraphQL reducer — that act on event.data without verifying event.origin or event.source and post messages using non-specific target origins, while insufficient URL sanitization in rich-text content allows malicious URLs to persist and execute. A page the victim visits (or a window in an opener/iframe relationship with a Tina admin) can forge messages to drive the editor, inject preview content, or observe/forge the OAuth popup channel to take over an authenticated editing session. This issue has been fixed in versions @tinacms/app 2.5.6 and tinacms 3.9.3.
CVE-2026-57670 2 Codepeople, Wordpress 2 Google Maps Cp, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Google Maps CP <= 1.2.5 versions.
CVE-2026-57671 2 Perfmatters, Wordpress 2 Perfmatters, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.4 versions.
CVE-2025-69152 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions.
CVE-2026-27425 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.
CVE-2026-57349 2 Etruel, Wordpress 2 Wpematico Rss Feed Fetcher, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS Feed Fetcher <= 2.8.17 versions.
CVE-2026-57763 2026-07-02 6.5 Medium
Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
CVE-2026-13704 2026-07-02 6.4 Medium
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoia[introduction][image]' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Give Worker-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.