Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and incl
The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.14 due to insufficient input sani
The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embed_youtube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficien
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aws_search_terms shortcode in all versions up to, and including, 3.28 due to insufficient inp
The Weluka Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'weluka-map' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitiza
Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. This
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saswp_tiny_multiple_faq' shortcode in all versions up to, and including, 1
The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'syv' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitizati
The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input saniti
The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aria-label’ parameter in all versions up to, and including, 3.98.0 due to ins
The Wilmer Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on u
The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpda_app' shortcode in all versions up to, and including, 5.5.63 due to insufficient input saniti
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficie
The Buk for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buk' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitizat
The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input
The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_fs_local_business shortcode in all versions up to, and including, 1.6.4 due to insufficient
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2025.2 due to insufficient inpu
The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient i
The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input saniti