Lucene search
K

77 matches found

Nuclei
Nuclei
added 14 hours ago68 views

WordPress GiveWP <2.17.3 - Cross-Site Scripting

WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the formid parameter before returning it in the response of an unauthenticated request via the givecheckoutlogin AJAX action. An attacker can inject arbitrary script in the...

6.1CVSS6.5AI score0.02145EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago44 views

Give WP Plugin < 3.19.0 - Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-11921 info: name: Give WP Plugin 3.19.0 - Cross-Site Scripting author: Splint3r7...

4.8CVSS7AI score0.00794EPSS
Exploits1References2
CVE
CVE
added 2026/07/02 5:35 a.m.17 views

CVE-2026-13704

Summary: CVE-2026-13704 affects the GiveWP – Donation Plugin and Fundraising Platform for WordPress. The vulnerability is a Stored Cross‑Site Scripting issue exploitable via the parameter sequoia[introduction][image] and exists in all versions up to and including 4.16.1 due to insufficient input ...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.39 views

CVE-2026-13704 GiveWP <= 4.16.1 - Authenticated (Give Worker+) Stored Cross-Site Scripting via Sequioa Form

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00235EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/02 5:35 a.m.9 views

EUVD-2026-41251

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52165

Name of the Vulnerable Software and Affected Versions Drupal Advanced Content Feedback versions 0.0.0 through 2.8.0 Description An incorrect authorization issue in the Advanced Content Feedback module allows forceful browsing. The module fails to sufficiently verify authorization over the targete...

6.1AI score0.00142EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/15 1:15 a.m.8 views

CVE-2026-12204 ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

7.5CVSS7AI score0.00292EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 1:15 a.m.13 views

EUVD-2026-36679

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

7.5CVSS7.1AI score0.00292EPSS
Exploits0References5
NVD
NVD
added 2026/05/11 10:22 p.m.23 views

CVE-2026-42188

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

2.4CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 9:25 p.m.26 views

CVE-2026-42188

CVE-2026-42188 (Geyser SSRF) : A server-side request forgery vulnerability exists in Geyser’s handling of Bedrock player head textures. Before version 2.9.3, a crafted Base64-encoded skin texture URL supplied via the /give command can cause the Minecraft server to issue arbitrary HTTP GET request...

2.4CVSS5.9AI score0.00158EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 9:25 p.m.9 views

CVE-2026-42188 Geyser: Server-Side Request Forgery (SSRF) via Player Head Texture URL

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

2.4CVSS5.9AI score0.00158EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 9:25 p.m.15 views

CVE-2026-42188

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

2.4CVSS5.9AI score0.00158EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

Geyser 代码问题漏洞

Geyser is a cross-platform game version bridging proxy tool developed by GeyserMC. Versions of Geyser prior to 2.9.3 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing when processing texture data for players’ heads in Minecraft. This allowed attackers...

2.4CVSS6AI score0.00158EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.10 views

PT-2026-35901

Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through = 4.14.5...

5.3CVSS5.1AI score0.00191EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/21 3:41 p.m.9 views

WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by HuajiHD in WordPress Plugin GiveWP versions = 4.14.2...

5.8AI score0.00175EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2002-1005

Malware in sbrugna...

4.6CVSS6.4AI score0.01625EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-4394

Malicious code in bioql PyPI...

5.8CVSS8.7AI score0.00304EPSS
Exploits0References2
OSV
OSV
added 2025/08/14 6:52 p.m.5 views

MAL-2025-21496 Malicious code in give-advice-10th (npm)

The package give-advice-10th was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in give-advice-10th (npm)

The package give-advice-10th was found to contain malicious code...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:25 a.m.4 views

CVE-2024-3714

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giveform' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on use...

6.4CVSS6AI score0.00283EPSS
Exploits0References1
Rows per page
Query Builder