Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54191 |
|
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
|
| CVE-2026-39437 |
|
Cross-Site Scripting (XSS) in CVE-2026-39437 (CVE-2026-39437)
cross-site scripting in CVE-2026-39437 (CVE-2026-39437). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10093 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10093)
cross-site scripting in wordpress (CVE-2026-10093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52702 |
|
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
|
| CVE-2026-49773 |
|
Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
|
| CVE-2026-49055 |
|
Cross-Site Scripting (XSS) in CVE-2026-49055 (CVE-2026-49055)
cross-site scripting in CVE-2026-49055 (CVE-2026-49055). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48966 |
|
Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.
|
| CVE-2026-48876 |
|
Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.
|
| CVE-2026-48867 |
|
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
|
| CVE-2026-48870 |
|
Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.
Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.
|
| CVE-2026-48871 |
|
Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.
Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.
|
| CVE-2026-48885 |
|
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
|
| CVE-2026-48880 |
|
Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.
Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.
|
| CVE-2026-48838 |
|
Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
|
| CVE-2026-42656 |
|
Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 versions.
Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 versions.
|
| CVE-2026-42650 |
|
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.
|
| CVE-2026-42649 |
|
Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.
Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.
|
| CVE-2026-42775 |
|
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
|
| CVE-2026-42688 |
|
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
|
| CVE-2026-45437 |
|
Cross-Site Scripting (XSS) in CVE-2026-45437 (CVE-2026-45437)
cross-site scripting in CVE-2026-45437 (CVE-2026-45437). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42686 |
|
Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
|
| CVE-2026-42663 |
|
Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.
|
| CVE-2026-42658 |
|
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
|
| CVE-2026-40787 |
|
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
|
| CVE-2026-40791 |
|
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
|
| CVE-2026-40770 |
|
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
|
| CVE-2026-41556 |
|
Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.
Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.
|
| CVE-2026-40732 |
|
Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
|
| CVE-2026-39540 |
|
Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions.
Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions.
|
| CVE-2026-39463 |
|
Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
|
| CVE-2026-39491 |
|
Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions.
Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions.
|
| CVE-2026-39447 |
|
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.
|
| CVE-2026-39451 |
|
Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.
Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.
|
| CVE-2026-39449 |
|
Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.
|
| CVE-2026-39507 |
|
Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.
|
| CVE-2026-39514 |
|
Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.
|
| CVE-2026-34902 |
|
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
|
| CVE-2025-68840 |
|
Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
|
| CVE-2026-39435 |
|
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
|
| CVE-2025-68872 |
|
Cross-Site Scripting (XSS) in CVE-2025-68872 (CVE-2025-68872)
cross-site scripting in CVE-2025-68872 (CVE-2025-68872). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68851 |
|
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
|
| CVE-2026-23970 |
|
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
|
| CVE-2026-34900 |
|
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
|
| CVE-2026-50876 |
|
Cross-Site Scripting (XSS) in CVE-2026-50876 (CVE-2026-50876)
cross-site scripting in CVE-2026-50876 (CVE-2026-50876). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37216 |
|
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
|
| CVE-2026-36521 |
|
Cross-Site Scripting (XSS) in CVE-2026-36521 (CVE-2026-36521)
cross-site scripting in CVE-2026-36521 (CVE-2026-36521). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49294 |
|
Cross-Site Scripting (XSS) in CVE-2026-49294 (CVE-2026-49294)
cross-site scripting in CVE-2026-49294 (CVE-2026-49294). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54265 |
|
Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-54265)
cross-site scripting in @angular/compiler (CVE-2026-54265). Risk of unauthorized operations or information disclosure. Exploitable via ``innerHTML``.
|
| CVE-2026-50557 |
|
Cross-Site Scripting (XSS) in @angular/core (CVE-2026-50557)
cross-site scripting in @angular/core (CVE-2026-50557). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50556 |
|
Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50556)
cross-site scripting in @angular/platform-server (CVE-2026-50556). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
|