Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

28 matches found

RedhatCVE
RedhatCVEadded 2025/10/28 2:38 a.m.5 views

CVE-2025-62971

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CrestaProject Attesa Extra attesa-extra allows Stored XSS.This issue affects Attesa Extra: from n/a through = 1.4.7...

6.5CVSS5.9AI score0.00151EPSS
Exploits0References1
NVD
NVDadded 2025/10/27 2:15 a.m.4 views

CVE-2025-62971

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CrestaProject Attesa Extra attesa-extra allows Stored XSS.This issue affects Attesa Extra: from n/a through = 1.4.7...

6.5CVSS0.00151EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/27 1:34 a.m.4 views

EUVD-2025-35974

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CrestaProject Attesa Extra attesa-extra allows Stored XSS.This issue affects Attesa Extra: from n/a through = 1.4.5...

6.5CVSS5.5AI score0.00151EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/10/27 1:34 a.m.10 views

CVE-2025-62971 WordPress Attesa Extra plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CrestaProject Attesa Extra attesa-extra allows Stored XSS.This issue affects Attesa Extra: from n/a through = 1.4.7...

6.5CVSS0.00151EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/10/27 1:34 a.m.3 views

CVE-2025-62971 WordPress Attesa Extra plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CrestaProject Attesa Extra attesa-extra allows Stored XSS.This issue affects Attesa Extra: from n/a through = 1.4.7...

6.5CVSS5.2AI score0.00151EPSS
Exploits0References1
CVE
CVEadded 2025/10/27 1:34 a.m.14 views

CVE-2025-62971

CVE-2025-62971 is a stored XSS vulnerability affecting CrestaProject Attesa Extra WordPress plugin (Attesa Extra) versions up to and including 1.4.5. Connected sources corroborate the flaw and specify stored XSS in input handling during web page generation, impacting Attesa Extra versions n/a thr...

6.5CVSS5.9AI score0.00151EPSS
Exploits0References1
CNNVD
CNNVDadded 2025/10/27 12:0 a.m.2 views

WordPress plugin Attesa Extra 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS5.8AI score0.00151EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/10/27 12:0 a.m.5 views

PT-2025-43843

Name of the Vulnerable Software and Affected Versions CrestaProject Attesa Extra versions through 1.4.5 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting XSS issue. This specific instance is a Stored XSS,...

6.5CVSS5.9AI score0.00151EPSS
Exploits0References3
Patchstack
Patchstackadded 2025/10/19 3:11 a.m.8 views

WordPress Attesa Extra plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Attesa Extra versions = 1.4.7...

6.5CVSS5.9AI score0.00151EPSS
Exploits0Affected Software1
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2024-33246

Malicious code in bioql PyPI...

4.3CVSS8.6AI score0.00294EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.6 views

EUVD-2024-30396

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 10:17 a.m.9 views

CVE-2024-32594

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AttesaWP Attesa Extra allows Stored XSS.This issue affects Attesa Extra: from n/a through 1.3.9...

6.5CVSS5.2AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 8:21 a.m.4 views

CVE-2024-10688

The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS6.7AI score0.00294EPSS
Exploits0References1
Patchstack
Patchstackadded 2024/11/26 12:23 a.m.4 views

WordPress Attesa Extra plugin <= 1.4.2 - Authenticated (Contributor+) Post Disclosure vulnerability

Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Attesa Extra versions = 1.4.2...

4.3CVSS7AI score0.00294EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2024/11/26 12:0 a.m.27 views

WordPress Attesa Extra Plugin <= 1.4.2 is vulnerable to Broken Access Control

Software Attesa Extra Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10688 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5de7d31066fa Credits Francesco...

4.3CVSS6.6AI score0.00294EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2024/11/09 7:15 a.m.11 views

CVE-2024-10688

The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS0.00294EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2024/11/09 6:41 a.m.6 views

CVE-2024-10688 Attesa Extra <= 1.4.2 - Authenticated (Contributor+) Post Disclosure

The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS6.8AI score0.00294EPSS
Exploits0References2
CVE
CVEadded 2024/11/09 6:41 a.m.49 views

CVE-2024-10688

CVE-2024-10688 affects WordPress Attesa Extra plugin up to version 1.4.2, where insufficient restrictions on the attesa-template shortcode allow authenticated users with Contributor+ access to disclose data from password‑protected, private, or draft posts. Root cause is broken access control on w...

4.3CVSS4.4AI score0.00294EPSS
Exploits0References2
CNNVD
CNNVDadded 2024/11/09 12:0 a.m.3 views

WordPress plugin Attesa Extra 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS8.1AI score0.00294EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/11/08 12:0 a.m.8 views

PT-2024-16463 · WordPress · Attesa Extra

Name of the Vulnerable Software and Affected Versions: Attesa Extra plugin for WordPress versions up to, and including, 1.4.2 Description: The issue concerns insufficient restrictions on which posts can be included via the attesa-template shortcode, leading to Information Exposure. This allows...

4.3CVSS7.1AI score0.00294EPSS
Exploits0References9
Rows per page
Query Builder