Lucene search
K

4 matches found

EUVD
EUVD
added 2026/06/13 7:51 a.m.13 views

EUVD-2026-36648

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/13 7:51 a.m.7 views

CVE-2026-9629 Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/06/12 7:4 p.m.5 views

WordPress Canvas plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Theme Canvas versions = 2.5.2...

6.4CVSS5.2AI score0.00199EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2023/11/07 8:59 a.m.5 views

grafana: persistent xss in grafana core plugins

A flaw was found in The GeoMap and Canvas plugins of Grafana. The GeoMap and Canvas plugins are core plugins in Grafana, which means that all Grafana instances have GeoMap and Canvas installed. These two plugins are vulnerable to Cross-site scripting, where an attacker with an Editor role can add...

7.3CVSS7.3AI score0.00779EPSS
Exploits0References5
Rows per page
Query Builder