Lucene search
K

4 matches found

Patchstack
Patchstack
added 2025/06/13 6:40 a.m.6 views

WordPress IndieBlocks plugin <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via kind Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via kind Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin IndieBlocks versions = 0.13.2...

6.4CVSS5.5AI score0.00209EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/06/13 3:15 a.m.8 views

CVE-2025-5950

The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘kind’ parameter in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

5.4CVSS5.9AI score0.00209EPSS
Exploits0References3
Circl
Circl
added 2025/06/13 2:34 a.m.26 views

CVE-2025-5950

creationtimestamp| type| source ---|---|--- 2025-06-13 02:34:12+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18253 2025-06-13 05:04:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lrhnxl7so52p...

6.4CVSS4.8AI score0.00209EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/13 1:47 a.m.14 views

CVE-2025-5950 IndieBlocks <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via kind Parameter

The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘kind’ parameter in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS0.00209EPSS
Exploits0References4
Rows per page
Query Builder