|
1461
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rem_video' shortcode in versions up to, and including, 0.1. This is due to insufficient input …
|
CWE-79
Cross-site Scripting
|
CVE-2026-8877
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1462
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.3.4 due to insufficient input sa…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8884
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1463
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The hk_shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title-plane' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitizatio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8886
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1464
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Listen Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'listen' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8887
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1465
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is due to insufficient input sanitizat…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8891
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1466
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The iWR Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `iwrtooltip` shortcode in versions up to, and including, 1.0. This is due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8894
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1467
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Shortcode Buddy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 0.1.9.5 due to insufficient input sanitization and…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8897
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1468
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-events' shortcode in versions up to, and including, 3.0. This is due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8898
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1469
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input saniti…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8899
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1470
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Two-factor authentication (formerly IP Vault) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce…
|
CWE-352
Origin Validation Error
|
CVE-2026-8903
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
