🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-1397 | Medium | 6.4 |
The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget …
|
— | Mar 21, 2026 |
| CVE-2026-1575 | Medium | 6.4 |
The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `itemscope` shor…
|
— | Mar 21, 2026 |
| CVE-2026-1806 | Medium | 6.4 |
The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th…
|
— | Mar 21, 2026 |
| CVE-2026-1822 | Medium | 6.4 |
The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ng-weather' shortc…
|
— | Mar 21, 2026 |
| CVE-2026-1851 | Medium | 6.4 |
The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' shortcode attr…
|
— | Mar 21, 2026 |
| CVE-2026-1854 | Medium | 6.4 |
The Post Flagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flag' shortcode in …
|
— | Mar 21, 2026 |
| CVE-2026-1886 | Medium | 6.4 |
The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin'…
|
— | Mar 21, 2026 |
| CVE-2026-1889 | Medium | 6.4 |
The Outgrow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the 'outgrow' sh…
|
— | Mar 21, 2026 |
| CVE-2026-1891 | Medium | 6.4 |
The Simple Football Scoreboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ytmr_fb_scoreb…
|
— | Mar 21, 2026 |
| CVE-2026-1899 | Medium | 6.4 |
The Any Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aps_slider shortc…
|
— | Mar 21, 2026 |
| CVE-2026-1908 | Medium | 6.4 |
The Integration with Hubspot Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hubspotfor…
|
— | Mar 21, 2026 |
| CVE-2026-1911 | Medium | 6.4 |
The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweet_title' parameter in t…
|
— | Mar 21, 2026 |
| CVE-2026-1914 | Medium | 6.4 |
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesk_newcase shortco…
|
— | Mar 21, 2026 |
| CVE-2026-2352 | Medium | 6.4 |
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ao_post_preload' meta value i…
|
— | Mar 21, 2026 |
| CVE-2026-2430 | Medium | 6.4 |
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing …
|
— | Mar 21, 2026 |
| CVE-2026-2496 | Medium | 6.4 |
The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `eds_font_aweso…
|
— | Mar 21, 2026 |
| CVE-2026-2501 | Medium | 6.4 |
The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `social_share` …
|
— | Mar 21, 2026 |
| CVE-2026-32052 | Medium | 6.4 |
OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allo…
|
— | Mar 21, 2026 |
| CVE-2026-3333 | Medium | 6.4 |
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linkgate' …
|
— | Mar 21, 2026 |
| CVE-2026-3350 | Medium | 6.4 |
The Image Alt Text Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all v…
|
— | Mar 21, 2026 |