Export limit exceeded: 47196 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47196 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34097 | 1 Guardian | 1 Language-system | 2026-07-06 | 4.6 Medium |
| Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text_file.php (lines 94, 101, 323, 403, 826, 852). An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session. | ||||
| CVE-2026-34098 | 1 Guardian | 1 Language-system | 2026-07-06 | 4.6 Medium |
| Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php (lines 119, 129). An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session. | ||||
| CVE-2026-58263 | 1 Xdan | 1 Jodit | 2026-07-06 | 7.2 High |
| Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/<style> carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event handler survives into the editor value, potentially causing Mutation XSS. When an application supplies attacker-influenced HTML to the editor's value-set or insertion paths, the sanitized output still contains a live <img ... onload=...> (or another non-onerror handler such as onfocus). A consumer that renders that output (element.innerHTML = editor.value) executes the handler with no user interaction. This issue has been fixed in version 4.12.28. | ||||
| CVE-2026-10089 | 2 Figureone, Wordpress | 2 Insert Pages, Wordpress | 2026-07-06 | 6.4 Medium |
| The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys (meta key names) in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the the_meta() function: while the custom field VALUE is sanitized with wp_kses_post(), the custom field KEY ($key) is interpolated into the rendered HTML (lines 1786-1791) and echoed (line 1806) without any escaping when an inserted page is rendered with the [insert page='ID' display='all'] shortcode. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-10104 | 2 Nikhilgadhiya, Wordpress | 2 Product Video Gallery For Woocommerce, Wordpress | 2026-07-06 | 4.4 Medium |
| The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom_thumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-69152 | 2 Themegoods, Wordpress | 2 Artale | Wedding Photography Wordpress, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions. | ||||
| CVE-2025-69153 | 2 Designthemes, Wordpress | 2 Trendy Travel, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions. | ||||
| CVE-2025-69154 | 2 Designthemes, Wordpress | 2 Spalab | Beauty Salon Wordpress Theme, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions. | ||||
| CVE-2025-69155 | 2 Designthemes, Wordpress | 2 Fitness Zone Wordpress Theme, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions. | ||||
| CVE-2025-69156 | 2 Design Themes, Wordpress | 2 Kids Zone - Children Wordpress Theme, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions. | ||||
| CVE-2026-27402 | 2 Designthemes, Wordpress | 2 Kids Life | Children School Wordpress, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions. | ||||
| CVE-2026-27404 | 2 Designthemes, Wordpress | 2 Lms, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions. | ||||
| CVE-2026-27408 | 2 Imithemes, Wordpress | 2 Nativechurch, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions. | ||||
| CVE-2026-27425 | 2 Themesuite, Wordpress | 2 Automotive Listings, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions. | ||||
| CVE-2026-27430 | 2 Tranmautritam, Wordpress | 2 Thefox, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions. | ||||
| CVE-2026-57350 | 2 Andy Fragen, Wordpress | 2 Wp Debugging, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 2.12.2 versions. | ||||
| CVE-2026-57354 | 2 Crocoblock. Jetimpex Inc., Wordpress | 2 Jetreviews, Wordpress | 2026-07-06 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 versions. | ||||
| CVE-2026-57357 | 2 Search Atlas Group, Wordpress | 2 Search Atlas Seo, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Search Atlas SEO <= 2.6.6 versions. | ||||
| CVE-2026-57358 | 2 Sysbasics, Wordpress | 2 Customize My Account For Woocommerce, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Customize My Account for WooCommerce <= 4.3.9 versions. | ||||
| CVE-2026-57426 | 2 Chill Media Labs S.r.l., Wordpress | 2 Modula - Pro, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Modula - PRO <= 2.10.8 versions. | ||||