🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-2501 | Medium | 6.4 |
The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `social_share` …
|
— | Mar 21, 2026 |
| CVE-2026-1575 | Medium | 6.4 |
The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `itemscope` shor…
|
— | Mar 21, 2026 |
| CVE-2026-1886 | Medium | 6.4 |
The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin'…
|
— | Mar 21, 2026 |
| CVE-2026-1275 | Medium | 6.4 |
The Multi Post Carousel by Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slides' s…
|
— | Mar 21, 2026 |
| CVE-2026-3516 | Medium | 6.4 |
The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_cl_map_iframe' parameter in…
|
— | Mar 21, 2026 |
| CVE-2026-3554 | Medium | 6.4 |
The Sherk Custom Post Type Displays plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' sh…
|
— | Mar 21, 2026 |
| CVE-2026-3617 | Medium | 6.4 |
The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amount' and 'name' short…
|
— | Mar 21, 2026 |
| CVE-2026-1891 | Medium | 6.4 |
The Simple Football Scoreboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ytmr_fb_scoreb…
|
— | Mar 21, 2026 |
| CVE-2026-1889 | Medium | 6.4 |
The Outgrow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the 'outgrow' sh…
|
— | Mar 21, 2026 |
| CVE-2026-2496 | Medium | 6.4 |
The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `eds_font_aweso…
|
— | Mar 21, 2026 |
| CVE-2026-3333 | Medium | 6.4 |
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linkgate' …
|
— | Mar 21, 2026 |
| CVE-2026-2352 | Medium | 6.4 |
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ao_post_preload' meta value i…
|
— | Mar 21, 2026 |
| CVE-2026-0609 | Medium | 6.4 |
The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugin for WordPress is vulnerable to Stored …
|
— | Mar 21, 2026 |
| CVE-2026-1822 | Medium | 6.4 |
The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ng-weather' shortc…
|
— | Mar 21, 2026 |
| CVE-2026-1908 | Medium | 6.4 |
The Integration with Hubspot Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hubspotfor…
|
— | Mar 21, 2026 |
| CVE-2026-1851 | Medium | 6.4 |
The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' shortcode attr…
|
— | Mar 21, 2026 |
| CVE-2026-1914 | Medium | 6.4 |
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesk_newcase shortco…
|
— | Mar 21, 2026 |
| CVE-2026-1911 | Medium | 6.4 |
The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweet_title' parameter in t…
|
— | Mar 21, 2026 |
| CVE-2026-1854 | Medium | 6.4 |
The Post Flagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flag' shortcode in …
|
— | Mar 21, 2026 |
| CVE-2026-1899 | Medium | 6.4 |
The Any Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aps_slider shortc…
|
— | Mar 21, 2026 |