Search Results (47210 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57675 2 Jacob N. Breetvelt, Wordpress 2 Wp Photo Album Plus, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WP Photo Album Plus <= 9.2.02.004 versions.
CVE-2026-57754 2026-07-02 6.5 Medium
Contributor Cross Site Scripting (XSS) in Livemesh Addons for WPBakery Page Builder <= 3.9.4 versions.
CVE-2026-57342 2 Shortpixel, Wordpress 2 Shortpixel Adaptive Images, Wordpress 2026-07-02 6.5 Medium
Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.
CVE-2026-27426 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.
CVE-2026-57722 2 Shortpixel, Wordpress 2 Enable Media Replace, Wordpress 2026-07-02 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1.
CVE-2026-57360 2 Implecode, Wordpress 2 Ecommerce Product Catalog, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in eCommerce Product Catalog <= 3.5.4 versions.
CVE-2026-4772 2026-07-02 5.4 Medium
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.
CVE-2026-4770 2026-07-02 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117.
CVE-2026-57737 2 Averta, Wordpress 2 Shortcodes And Extra Features For Phlox Theme, Wordpress 2026-07-02 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16.
CVE-2026-57359 2 Reviewx, Wordpress 2 Reviewx, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in ReviewX <= 2.3.10 versions.
CVE-2026-14449 2026-07-02 N/A
u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components
CVE-2026-55660 2026-07-02 N/A
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler, the OAuth authentication popup handler, and the admin↔preview iframe GraphQL reducer — that act on event.data without verifying event.origin or event.source and post messages using non-specific target origins, while insufficient URL sanitization in rich-text content allows malicious URLs to persist and execute. A page the victim visits (or a window in an opener/iframe relationship with a Tina admin) can forge messages to drive the editor, inject preview content, or observe/forge the OAuth popup channel to take over an authenticated editing session. This issue has been fixed in versions @tinacms/app 2.5.6 and tinacms 3.9.3.
CVE-2026-57670 2 Codepeople, Wordpress 2 Google Maps Cp, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Google Maps CP <= 1.2.5 versions.
CVE-2026-57671 2 Perfmatters, Wordpress 2 Perfmatters, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.4 versions.
CVE-2026-57349 2 Etruel, Wordpress 2 Wpematico Rss Feed Fetcher, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS Feed Fetcher <= 2.8.17 versions.
CVE-2026-13704 2026-07-02 6.4 Medium
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoia[introduction][image]' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Give Worker-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-57345 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Internal Links Manager <= 3.0.3 versions.
CVE-2026-13323 1 Eclipse 1 Open Vsx 2026-07-02 4.1 Medium
In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX containing a crafted HTML payload, and induce an authenticated user to visit the resulting URL. The browser renders the file inline in the open-vsx.org origin context, enabling session token exfiltration, persistent Personal Access Token (PAT) generation, and unauthorized publication of malicious extension versions. Because Open VSX extensions are distributed to VS Code, VSCodium, Cursor, Windsurf, and compatible editors, a compromised extension update constitutes a supply chain attack against all downstream users.
CVE-2026-58037 1 Wikimedia 1 Mediawiki 2026-07-02 N/A
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php, includes/Logging/PatrolLogFormatter.Php, includes/Logging/RenameuserLogFormatter.Php, includes/Logging/TagLogFormatter.Php, includes/Specials/SpecialVersion.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
CVE-2026-58034 1 Wikimedia 1 Checkuser 2026-07-01 N/A
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue. This issue affects CheckUser: from 1.46.0-rc.0 before 1.46.0.