Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-4125 The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. This is due to insufficient input saniti... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-4279 The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. This is due to i... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-4353 The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `cihub_metadata` shortcode in all versions up to, and including, 1.2.106 due to ins... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-5748 The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ts` shortcode in all versions up to, and including, 0.0.1 due to insufficient input sanitization a... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-5767 The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `slideShowProSC` shortcode in all versions up to, and including, 1.0.2 due to insufficient input ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-5820 The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rende... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-6246 The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simple_random_posts' shortcode in all versions up ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1395 The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's block_id attribute in all versions up to, and including, 1.1.3. This is due to insufficient... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1913 The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login_link shortcode in all versions up to, and including, 2.6.4 due to insufficient inp... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-2583 The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta` metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-2355 The My Calendar β Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template` attribute of the `[my_calendar_upcoming]` shortcode in all versions up t... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-3034 The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link URL parameters in all versions up... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-4076 The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to and including 1.0.7. This i... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-6236 The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization an... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-2311 IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. Β A malicious actor could cause user-controlled code to run... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-3346 IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alt... | 6.4 | MEDIUM | β | 0 |
| CVE-2024-58344 Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard setti... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-3875 The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs_feedback_form' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient i... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1572 The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0.... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13364 The WP Maps β Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'put_wpgm' shortcode in all versions ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1354 Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating fu... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-28036 Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forgery.This issue affects Ratatouille: from n/a through <= 1.2.6. | 6.4 | MEDIUM | β | 0 |
| CVE-2026-5774 Improper synchronization of the userTokens map in the API server in Canonical JujuΒ 4.0.5,Β 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or poss... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-2501 The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `social_share` shortcode in all versions up to, and including, 2.0. This is due to insufficient... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-2496 The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `eds_font_awesome` shortcode in all versions up to, and including, 2.0. This is due to insuffic... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-5717 The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_container' attribute of the 'include-post-by-cat' shortcode in all versions up to, and includin... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-4011 The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the [pc] shortcode in all versions up to, and including, 0.1.0. This is due to insuffi... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-4005 The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userhash' shortcode attribute in all versions up to and including 1.0. This is due to insufficient in... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-3998 The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the [jqmath] shortcode in all versions up to and including 1.3. This is due to in... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-3659 The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the [circliful] shortcode and via multiple shortcode attributes of the [circliful... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1911 The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweet_title' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to i... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1908 The Integration with Hubspot Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hubspotform' shortcode in all versions up to, and including, 1.2.2 due to insufficient inp... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1899 The Any Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aps_slider shortcode in all versions up to, and including, 1.0.4 due to insufficient input saniti... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1891 The Simple Football Scoreboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ytmr_fb_scoreboard' shortcode in all versions up to, and including, 1.0 due to insufficient in... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1889 The Outgrow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the 'outgrow' shortcode in all versions up to, and including, 2.1. This is due to insufficient i... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1886 The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'go-night-pro-shortcode' shortcode in all versions up to, and including, 1.1.0... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1851 The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' shortcode attribute in all versions up to, and including, 3.0 due to insufficient input saniti... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1822 The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ng-weather' shortcode in all versions up to, and including, 1.0.9 due to insufficient input saniti... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1806 The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'target' parameter of the tourcms_doc_link shortcode in all versions up to, an... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1575 The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `itemscope` shortcode in all versions up to, and including, 1.0 due to insufficient input saniti... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1397 The PQ Addons β Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1093 The WPFAQBlockβ FAQ & Accordion Plugin For Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'wpfaqblock' shortcode in all versions up to, an... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-0609 The Logo Slider β Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt text in all versions up to, and including... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-4083 The Scoreboard for HTML5 Games Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'scoreboard' shortcode in all versions up to, and including, 1.2. The shortcode function s... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-3516 The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_cl_map_iframe' parameter in all versions up to, and including, 3.0.18. This is due to insufficient input sa... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-3350 The Image Alt Text Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.8.2. This is due to insufficient input sanitizat... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-2430 The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing in all versions up to, and including, 3.1.14. This is due to the use of an overl... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-2352 The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ao_post_preload' meta value in all versions up to, and including, 3.1.14. This is due to insufficient input s... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-2593 The Greenshift β animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_gspb_post_css` post meta value and the `dynamicAttributes` block attribut... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1902 The Hammas Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apix' parameter in the 'hp-calendar-manage-redirect' shortcode in all versions up to, and including, 1.5.... | 6.4 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.