Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-11585

Malicious code in bioql PyPI...

7.5CVSS8.2AI score0.00375EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-12240

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00649EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:53 a.m.9 views

CVE-2023-0150

The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.5AI score0.00649EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/04/25 3:33 p.m.7 views

CVE-2025-26968

Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5...

7.5CVSS8.6AI score0.00375EPSS
Exploits0References1
NVD
NVD
added 2025/04/17 4:15 p.m.8 views

CVE-2025-26968

Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5...

7.5CVSS0.00375EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/17 3:17 p.m.24 views

CVE-2025-26968 WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5...

7.5CVSS0.00375EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:17 p.m.7 views

CVE-2025-26968 WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5...

7.5CVSS6.9AI score0.00375EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/17 11:2 a.m.5 views

WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin Cloak Front End Email versions = 1.9.5...

7.5CVSS8.3AI score0.00375EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.6 views

PT-2025-16976 · Webbernaut · Webbernaut Cloak Front End Email

Name of the Vulnerable Software and Affected Versions: webbernaut Cloak Front End Email versions 1.9.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This can be exploited in th...

7.5CVSS7.8AI score0.00375EPSS
Exploits0References3
Prion
Prion
added 2023/02/06 8:15 p.m.17 views

Cross site scripting

The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.9CVSS5.4AI score0.00649EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/06 7:59 p.m.9 views

CVE-2023-0150 Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS

The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6AI score0.00649EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/02/06 7:59 p.m.21 views

CVE-2023-0150 Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS

The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00649EPSS
Exploits2References1
CVE
CVE
added 2023/02/06 7:59 p.m.73 views

CVE-2023-0150

The CVE-2023-0150 entry concerns the Cloak Front End Email WordPress plugin (versions

5.4CVSS5.3AI score0.00649EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.9 views

WordPress Plugin Cloak Front End Email 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00649EPSS
Exploits2References2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.116 views

Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks email name='" onmouseover="alert1"...

5.4CVSS0.5AI score0.00649EPSS
Exploits2
Patchstack
Patchstack
added 2023/01/11 12:0 a.m.13 views

WordPress Cloak Front End Email Plugin <= 1.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Cloak Front End Email Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0150 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8e7d5eb708ad Credits István Márto...

5.4CVSS5.6AI score0.00649EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/11 12:0 a.m.33 views

Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC email name='" onmouseover="alert1"...

5.4CVSS2.6AI score0.00649EPSS
Exploits2Affected Software1
Rows per page
Query Builder