Lucene search
K

10 matches found

EUVD
EUVD
added 2026/06/06 3:28 a.m.12 views

EUVD-2026-34959

The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'locationmessages' parameter in all versions up to, and including, 4.9.4 due to insufficient input sanitization and output escaping...

4.4CVSS5.7AI score0.00201EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.7 views

CVE-2026-6399

The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitizetextfield for output escaping in the Contact Number adcontactnumber field — a function that strips HTML tags but does not encode...

4.4CVSS6AI score0.0023EPSS
Exploits0References6
NVD
NVD
added 2026/04/22 9:16 a.m.4 views

CVE-2026-2719

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.0029EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:27 a.m.1 views

CVE-2026-2837

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS5.9AI score0.00154EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/25 7:28 a.m.3 views

CVE-2025-13311 Just Highlight <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Highlight Color' Setting

The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS4.7AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.9 views

PT-2025-33892 · WordPress · Wp Crontrol

Name of the Vulnerable Software and Affected Versions: WP Crontrol versions 1.17.0 through 1.19.1 Description: The WP Crontrol plugin for WordPress is vulnerable to Server-Side Request Forgery via the wp remote request function. This allows authenticated attackers with Administrator-level access...

6.5CVSS6.3AI score0.00323EPSS
Exploits0References11
OSV
OSV
added 2024/08/12 1:38 p.m.4 views

CVE-2024-6692

The Easy Digital Downloads – Sell Digital Files & Subscriptions eCommerce Store + Payments Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escapin...

3.1CVSS5.9AI score0.00356EPSS
Exploits0References2
OSV
OSV
added 2024/07/27 12:15 p.m.3 views

CVE-2024-6518

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for...

4.8CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2024/02/13 10:16 p.m.7 views

CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool

TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of $GLOBALS'SYS''encryptionKey' was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes...

4.9CVSS5AI score0.00363EPSS
Exploits0References4
OSV
OSV
added 2023/09/03 12:15 p.m.3 views

CVE-2023-38518

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Visualmodo Borderless plugin = 1.4.8 versions...

4.8CVSS7.3AI score0.00316EPSS
Exploits0References1
Rows per page
Query Builder