Lucene search
K

192 matches found

Patchstack
Patchstack
added 2026/06/10 8:48 a.m.10 views

WordPress Doctreat Core plugin <= 1.6.8 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Foxyyy in WordPress Plugin Doctreat Core versions = 1.6.8...

9.8CVSS5.5AI score0.00494EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/10 8:28 a.m.13 views

EUVD-2025-210104

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreatprocessregistration function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers ...

9.8CVSS5.5AI score0.00494EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/10 8:28 a.m.47 views

CVE-2025-6254 Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreatprocessregistration function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers ...

9.8CVSS0.00494EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.9 views

CVE-2026-41200

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS6AI score0.00332EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/05/02 5:49 a.m.78 views

Exploit for CVE-2026-41200

CVE-2026-41200 — STIG Manager OIDC Reflected XSS PoC Conceptu...

8.5CVSS6.1AI score0.00332EPSS
Exploits1
NVD
NVD
added 2026/04/23 2:16 a.m.5 views

CVE-2026-41200

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS0.00332EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/23 12:40 a.m.6 views

EUVD-2026-25158

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS6.1AI score0.00332EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:40 a.m.5 views

CVE-2026-41200

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS6.1AI score0.00332EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/23 12:40 a.m.15 views

CVE-2026-41200

STIG Manager versions 1.5.10–1.6.7 contain a reflected XSS in OIDC error handling (src/init.js, public/reauth.html) where error and error_description are written to the DOM via innerHTML without escaping. An attacker who composes a malicious redirect URL can cause JavaScript to run in the victim’...

8.5CVSS6.1AI score0.00332EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.4 views

PT-2026-34595

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS6.1AI score0.00332EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.6 views

CVE-2025-12473

The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6AI score0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/21 3:27 a.m.2 views

CVE-2026-1278 Mandatory Field <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields

The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS5.9AI score0.00195EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/21 3:27 a.m.30 views

CVE-2026-1278 Mandatory Field <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields

The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS0.00195EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:27 a.m.2 views

CVE-2026-1278

The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS5.9AI score0.00195EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.8 views

WordPress plugin Mandatory Field 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.4CVSS5.7AI score0.00195EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/03/16 8:51 p.m.8 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +225 more potentially affected by CVE-2026-27962 via authlib (>=1.0.0 <=1.6.8)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.5.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-27962 Source advisory:...

9.1CVSS7.7AI score0.00548EPSS
Exploits1
Patchstack
Patchstack
added 2026/03/11 9:37 a.m.7 views

WordPress RTMKit plugin <= 1.6.8 - Reflected Cross-Site Scripting via 'themebuilder' Parameter vulnerability

Reflected Cross-Site Scripting via 'themebuilder' Parameter vulnerability discovered by LionTree in WordPress Plugin RTMKit versions = 1.6.8...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/11 2:16 a.m.6 views

CVE-2025-12473

The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00211EPSS
Exploits0References4
CVE
CVE
added 2026/03/11 1:22 a.m.17 views

CVE-2025-12473

CVE-2025-12473 refers to the RTMKit WordPress plugin (rometheme-for-elementor) with a Reflected Cross‑Site Scripting flaw via the themebuilder parameter in all versions up to 1.6.8. Documents confirm the vulnerability allows unauthenticated attackers to inject arbitrary scripts on pages executed ...

6.1CVSS5.7AI score0.00211EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/11 1:22 a.m.3 views

CVE-2025-12473

The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.7AI score0.00211EPSS
Exploits0References5
Rows per page
Query Builder