Search
Search Results (47413 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69156 | 2 Design Themes, Wordpress | 2 Kids Zone - Children Wordpress Theme, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions. | ||||
| CVE-2026-27402 | 2 Designthemes, Wordpress | 2 Kids Life | Children School Wordpress, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions. | ||||
| CVE-2026-27404 | 2 Designthemes, Wordpress | 2 Lms, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions. | ||||
| CVE-2026-27408 | 2 Imithemes, Wordpress | 2 Nativechurch, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions. | ||||
| CVE-2026-27425 | 2 Themesuite, Wordpress | 2 Automotive Listings, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions. | ||||
| CVE-2026-27430 | 2 Tranmautritam, Wordpress | 2 Thefox, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions. | ||||
| CVE-2026-57350 | 2 Andy Fragen, Wordpress | 2 Wp Debugging, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 2.12.2 versions. | ||||
| CVE-2026-57354 | 2 Crocoblock. Jetimpex Inc., Wordpress | 2 Jetreviews, Wordpress | 2026-07-06 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 versions. | ||||
| CVE-2026-57357 | 2 Search Atlas Group, Wordpress | 2 Search Atlas Seo, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Search Atlas SEO <= 2.6.6 versions. | ||||
| CVE-2026-57358 | 2 Sysbasics, Wordpress | 2 Customize My Account For Woocommerce, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Customize My Account for WooCommerce <= 4.3.9 versions. | ||||
| CVE-2026-57426 | 2 Chill Media Labs S.r.l., Wordpress | 2 Modula - Pro, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Modula - PRO <= 2.10.8 versions. | ||||
| CVE-2026-57672 | 2 Melograno Venture Studio, Wordpress | 2 Wpdatatables, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in wpDataTables <= 6.5.1.1 versions. | ||||
| CVE-2026-57673 | 2 Optimole, Wordpress | 2 Optimole, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Optimole <= 4.2.7 versions. | ||||
| CVE-2026-57684 | 2 Tranmautritam, Wordpress | 2 Thefox, Wordpress | 2026-07-06 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions. | ||||
| CVE-2026-57686 | 2 Wordpress, Wpxpo | 2 Wordpress, Wowaddons | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 1.6.14 versions. | ||||
| CVE-2026-57755 | 2 Misbah Wp, Wordpress | 2 Mosaic Gallery – Advanced Gallery, Wordpress | 2026-07-06 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery <= 1.2.0 versions. | ||||
| CVE-2026-57762 | 2 Andrew Fiebert, Wordpress | 2 Simple Urls, Wordpress | 2026-07-06 | 5.9 Medium |
| Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions. | ||||
| CVE-2026-57763 | 2 Gordon Böhme, Wordpress | 2 Structured Content, Wordpress | 2026-07-06 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions. | ||||
| CVE-2026-57764 | 2 Surbma, Wordpress | 2 Surbma | Yoast Seo Breadcrumb Shortcode, Wordpress | 2026-07-06 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions. | ||||
| CVE-2026-8699 | 1 Tp-link | 1 Archer C5 | 2026-07-06 | N/A |
| A stored Cross-Site Scripting (XSS) vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privileges can inject crafted HTML or JS payloads into the affected field. The payload is stored and later executed when the affected page is rendered in an administrator's browser.Successful exploitation allows execution of arbitrary JavaScript in an admin's browser, potentially leading to session hijacking and unauthorized access to router configuration, possibly resulting in exposure of sensitive data and modification of device settings. The vulnerability affects ISP-managed firmware variants of the product. Remediation is coordinated through service providers. | ||||