adamshaikhma

3 exploits Active since Feb 2026
CVE-2026-1844 NOMISEC HIGH SUSPICIOUS
PixelYourSite Pro < 12.4.0.2 - Stored XSS via pysTrafficSource and pys_landing_page
The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in all versions up to, and including, 12.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2 stars
CVSS 7.2
CVE-2026-11645 GITHUB HIGH SUSPICIOUS
Google Chrome - Out-of-Bounds Access
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVSS 8.8
CVE-2026-3300 GITHUB CRITICAL SUSPICIOUS
Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field
The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted form field values into a PHP code string without proper escaping before passing it to eval(). The sanitize_text_field() function applied to input does not escape single quotes or other PHP code context characters. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP code on the server by submitting a crafted value in any string-type form field (text, email, URL, select, radio) when a form uses the "Complex Calculation" feature.
CVSS 9.8