Lucene search
K

29 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-49829

Malicious code in bioql PyPI...

5.1CVSS4AI score0.00427EPSS
Exploits1References4
OSV
OSV
added 2025/05/30 6:15 a.m.4 views

CVE-2025-4429

The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.00229EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:40 a.m.15 views

CVE-2025-0709

A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.1CVSS6.2AI score0.00368EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/13 11:0 p.m.29 views

CVE-2025-4551

A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

5.1CVSS6.3AI score0.00306EPSS
Exploits1References1
OSV
OSV
added 2025/01/24 8:31 p.m.7 views

CVE-2025-0709 Dcat-Admin Roles Page roles cross site scripting

A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.1CVSS3.7AI score0.00368EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2024/09/30 6:0 a.m.16 views

CVE-2024-8283 Slider by 10Web < 1.2.59 - Admin+ Stored XSS

The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4AI score0.00375EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/08/05 6:0 a.m.33 views

CVE-2024-3636 Pinpoint Booking System < 2.9.9.4.8 - Admin+ Stored XSS

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00369EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/23 6:0 a.m.20 views

CVE-2024-2220 Button contact VR <= 4.7 - Admin+ Stored XSS

The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.8AI score0.0033EPSS
Exploits2References1
OSV
OSV
added 2024/05/07 6:15 a.m.5 views

CVE-2024-3628

The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

3.8CVSS5.8AI score0.00435EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/15 5:0 a.m.19 views

CVE-2024-1660 Top Bar < 3.0.5 - Admin+ Stored XSS

The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4AI score0.00441EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/01 5:0 a.m.20 views

CVE-2024-2278 WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS

Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7AI score0.0042EPSS
Exploits2References1
NVD
NVD
added 2023/10/27 8:15 a.m.26 views

CVE-2023-46192

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Internet Marketing Ninjas Internal Link Building plugin = 1.2.3 versions...

5.9CVSS5.4AI score0.00316EPSS
Exploits0References1
OSV
OSV
added 2023/10/02 10:15 a.m.5 views

CVE-2023-44239

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jobin Jose WWM Social Share On Image Hover plugin = 2.2 versions...

4.8CVSS7.3AI score0.00336EPSS
Exploits0References1
wpexploit
wpexploit
added 2023/07/10 12:0 a.m.155 views

Short URL < 1.6.5 - Admin+ Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. In the plugin settings, add the POC alert1 to the...

6.1AI score0.00497EPSS
Exploits2
Cvelist
Cvelist
added 2023/06/19 10:52 a.m.20 views

CVE-2023-2812 Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS

The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.0047EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/09/19 12:0 a.m.14 views

reSmush.it Image Optimizer < 0.4.6 - Admin+ Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfilteredhtml is disallowed. PoC POST /wp-admin/options.php HTTP/1.1 Accept:...

4.8CVSS1.7AI score0.00506EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/07/11 12:0 a.m.184 views

Event Timeline <= 1.1.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a Timeline, put the following payload in the "Text" field at the bottom: alert/XSS/ Click save...

4.8CVSS4.9AI score0.00511EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.253 views

Page Generator Plugin < 1.6.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Got to Page Generator - Keywords - Add Keyword and put the following payload in the "Terms" field then...

4.8CVSS0.5AI score0.00552EPSS
Exploits2
Cvelist
Cvelist
added 2022/06/06 8:50 a.m.31 views

CVE-2022-1394 Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting

The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...

5AI score0.00995EPSS
Exploits2References1
OSV
OSV
added 2022/05/30 9:15 a.m.8 views

CVE-2022-1645

The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS5.8AI score0.00565EPSS
Exploits2References1
Rows per page
Query Builder