Lucene search
K

371 matches found

cve
cve
added 2025/01/16 8:6 p.m.59 views

CVE-2025-23743

CVE-2025-23743 refers to a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Social Analytics (Martijn Scheybeler) that enables Stored XSS. The CVE description and the Red Hat entry both confirm the issue and its association with Social Analytics; affected version scope is S...

7.1CVSS7.2AI score0.00178EPSS
Exploits0References1
cvelist
cvelist
added 2025/01/16 8:6 p.m.24 views

CVE-2025-23743 WordPress Social Analytics plugin <= 0.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in MartijnScheijbeler Social Analytics social-analytics allows Stored XSS.This issue affects Social Analytics: from n/a through = 0.2...

7.1CVSS0.00178EPSS
Exploits0References1
nvd
nvd
added 2025/01/07 11:15 a.m.14 views

CVE-2025-22342

Cross-Site Request Forgery CSRF vulnerability in Jenst WP Simple Sitemap wp-simple-sitemap allows Stored XSS.This issue affects WP Simple Sitemap: from n/a through = 0.2...

7.1CVSS0.00146EPSS
Exploits0References1
cve
cve
added 2024/12/16 2:13 p.m.40 views

CVE-2024-54438

CVE-2024-54438 affects the Gaxx Keywords WordPress plugin (GAxx Keywords) and is described as a CSRF to Stored XSS vulnerability affecting versions from n/a up through 0.2. Connected sources (Wordfence WordPress Vulnerability Details) indicate this CVE is currently Unpatched, with no exploitation...

7.1CVSS7.2AI score0.00194EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/11/23 12:0 a.m.3 views

WordPress plugin Twitter Follow Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.4CVSS7.5AI score0.00385EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/11/10 12:0 a.m.5 views

PT-2024-34716 · Unknown · Ml Responsive Audio Player With Playlist Shortcode

Name of the Vulnerable Software and Affected Versions: ML Responsive Audio player with playlist Shortcode versions 0.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS...

6.5CVSS5.7AI score0.00253EPSS
Exploits0References6
cnnvd
cnnvd
added 2024/11/09 12:0 a.m.4 views

WordPress plugin Search order by product SKU for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

7.1CVSS7.6AI score0.00259EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/11/09 12:0 a.m.5 views

PT-2024-34840 · Unknown · Woocommerce

Name of the Vulnerable Software and Affected Versions: Search order by product SKU for WooCommerce versions 0.2 and earlier Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS,...

7.1CVSS5.8AI score0.00259EPSS
Exploits0References5
cnnvd
cnnvd
added 2024/07/11 12:0 a.m.4 views

WordPress plugin Bible Text security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...

5.4CVSS6.4AI score0.00312EPSS
Exploits1References2
rustsec
rustsec
added 2024/07/07 12:0 p.m.7 views

phonenumber: panic on parsing crafted phonenumber inputs

Impact The phonenumber parsing code may panic due to a reachable assert! guard on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form...

8.6CVSS7.3AI score0.00711EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2024/06/24 9:50 a.m.5 views

WordPress Bible Text plugin <= 0.2 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Bible Text versions = 0.2...

5.4CVSS6.1AI score0.00312EPSS
Exploits1References2Affected Software1
wpexploit
wpexploit
added 2024/06/11 12:0 a.m.133 views

Sitetweet <= 0.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack The PoC will be displayed on June 25, 2024, to give users the time to update...

5.9AI score0.00345EPSS
Exploits2
patchstack
patchstack
added 2024/05/30 12:0 a.m.10 views

WordPress Site Favicon Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)

Software Site Favicon Type Plugin Vulnerable versions = 0.2 Fixed in 0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35642 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 793a8085c766 Credits Cronus Required privilege Administrator...

5.9CVSS6.6AI score0.00259EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2024/04/15 12:0 a.m.6 views

PT-2024-23761 · Unknown · Broken Images

Name of the Vulnerable Software and Affected Versions: Broken Images versions 0.2 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Cross-Site Scripting XSS in Broken Images. This means an attacker can trick a user into performing unintended actions...

7.1CVSS8.7AI score0.00195EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/04/08 12:0 a.m.7 views

NVIDIA ChatRTX 跨站脚本漏洞

NVIDIA ChatRTX is a content personalization chatbot from NVIDIA Corporation. A security vulnerability exists in NVIDIA ChatRTX version 0.2 and prior versions, which originated from a vulnerability that allows an attacker to run a malicious script in a user's browser, resulting in code execution,...

6.5CVSS6.8AI score0.0058EPSS
Exploits0References3
patchstack
patchstack
added 2024/03/29 11:28 a.m.3 views

WordPress Broken Images plugin <= 0.2 - CSRF to XSS vulnerability

CSRF to XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Broken Images versions = 0.2...

7.1CVSS8AI score0.00195EPSS
Exploits0Affected Software1
nessus
nessus
added 2024/02/29 12:0 a.m.23 views

CentOS 9 : pki-core-11.3.0-0.2.beta1.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the pki- core-11.3.0-0.2.beta1.el9 build changelog. - Improper authentication/authorization with caServerKeygenDirUserCert profile CVE-2022-2393 Note that Nessus has not tested for this iss...

5.7CVSS6.3AI score0.00235EPSS
Exploits0References2
github
github
added 2024/01/17 8:31 p.m.16 views

ferris-says has undefined behavior when not using UTF-8

Affected versions receive a &u8 from the caller through a safe API, and pass it directly to the unsafe str::fromutf8unchecked function. The behavior of ferrissays::say is undefined if the bytes from the caller don't happen to be valid UTF-8. The flaw was corrected in ferris-says21 by using the sa...

7AI score
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2023/12/30 8:15 a.m.2 views

CVE-2023-52257

LogoBee 0.2 allows updates.php?id= XSS...

6.1CVSS5.8AI score0.00411EPSS
Exploits1References2
nvd
nvd
added 2023/12/30 8:15 a.m.9 views

CVE-2023-52257

LogoBee 0.2 allows updates.php?id= XSS...

6.1CVSS0.00411EPSS
Exploits1References1
Rows per page
Query Builder