Search Results (47413 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-69156 2 Design Themes, Wordpress 2 Kids Zone - Children Wordpress Theme, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.
CVE-2026-27402 2 Designthemes, Wordpress 2 Kids Life | Children School Wordpress, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions.
CVE-2026-27404 2 Designthemes, Wordpress 2 Lms, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions.
CVE-2026-27408 2 Imithemes, Wordpress 2 Nativechurch, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.
CVE-2026-27425 2 Themesuite, Wordpress 2 Automotive Listings, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.
CVE-2026-27430 2 Tranmautritam, Wordpress 2 Thefox, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions.
CVE-2026-57350 2 Andy Fragen, Wordpress 2 Wp Debugging, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 2.12.2 versions.
CVE-2026-57354 2 Crocoblock. Jetimpex Inc., Wordpress 2 Jetreviews, Wordpress 2026-07-06 6.5 Medium
Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 versions.
CVE-2026-57357 2 Search Atlas Group, Wordpress 2 Search Atlas Seo, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Search Atlas SEO <= 2.6.6 versions.
CVE-2026-57358 2 Sysbasics, Wordpress 2 Customize My Account For Woocommerce, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Customize My Account for WooCommerce <= 4.3.9 versions.
CVE-2026-57426 2 Chill Media Labs S.r.l., Wordpress 2 Modula - Pro, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Modula - PRO <= 2.10.8 versions.
CVE-2026-57672 2 Melograno Venture Studio, Wordpress 2 Wpdatatables, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in wpDataTables <= 6.5.1.1 versions.
CVE-2026-57673 2 Optimole, Wordpress 2 Optimole, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Optimole <= 4.2.7 versions.
CVE-2026-57684 2 Tranmautritam, Wordpress 2 Thefox, Wordpress 2026-07-06 6.5 Medium
Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions.
CVE-2026-57686 2 Wordpress, Wpxpo 2 Wordpress, Wowaddons 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 1.6.14 versions.
CVE-2026-57755 2 Misbah Wp, Wordpress 2 Mosaic Gallery – Advanced Gallery, Wordpress 2026-07-06 6.5 Medium
Contributor Cross Site Scripting (XSS) in Mosaic Gallery &#8211; Advanced Gallery <= 1.2.0 versions.
CVE-2026-57762 2 Andrew Fiebert, Wordpress 2 Simple Urls, Wordpress 2026-07-06 5.9 Medium
Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions.
CVE-2026-57763 2 Gordon Böhme, Wordpress 2 Structured Content, Wordpress 2026-07-06 6.5 Medium
Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
CVE-2026-57764 2 Surbma, Wordpress 2 Surbma | Yoast Seo Breadcrumb Shortcode, Wordpress 2026-07-06 6.5 Medium
Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.
CVE-2026-8699 1 Tp-link 1 Archer C5 2026-07-06 N/A
A stored Cross-Site Scripting (XSS) vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field.  An attacker with administrative privileges can inject crafted HTML or JS payloads into the affected field. The payload is stored and later executed when the affected page is rendered in an administrator's browser.Successful exploitation allows execution of arbitrary JavaScript in an admin's browser, potentially leading to session hijacking and unauthorized access to router configuration, possibly resulting in exposure of sensitive data and modification of device settings. The vulnerability affects ISP-managed firmware variants of the product. Remediation is coordinated through service providers.