Lucene search
K

73 matches found

Vulnrichment
Vulnrichment
added 2025/11/12 11:5 a.m.2 views

CVE-2025-11454 Specific Content For Mobile – Customize the mobile version without redirections <= 0.5.5 - Authenticated (Contributor+) SQL Injection

The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eosscfmduplicatepostasdraft function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS6.1AI score0.00285EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/10/05 3:25 p.m.4 views

WordPress Nelio Content plugin <= 4.0.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Nelio Content versions = 4.0.5...

8.1CVSS7AI score0.00301EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-34352

Malicious code in bioql PyPI...

6.4CVSS7.2AI score0.00313EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/05 1:45 p.m.2 views

CVE-2025-58857 WordPress Table of content Plugin <= 1.5.3.1 - Cross Site Request Forgery (CSRF) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KaizenCoders Table of content content-table allows Stored XSS.This issue affects Table of content: from n/a through = 1.5.3.1...

7.1CVSS5.9AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/05 1:45 p.m.11 views

CVE-2025-58851 WordPress Boxed Content Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DigitalCourt Boxed Content boxed-content allows Stored XSS.This issue affects Boxed Content: from n/a through = 1.0...

6.5CVSS0.0019EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/05 1:37 p.m.5 views

WordPress Boxed Content Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Mika in WordPress Plugin Boxed Content versions = 1.0...

6.5CVSS6AI score0.0019EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.6 views

WordPress plugin Table of content cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

7.1CVSS5.7AI score0.00219EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/08/15 11:14 p.m.7 views

WordPress elink – Embed Content plugin <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation vulnerability

Authenticated Contributor+ Insufficient Input Validation vulnerability discovered by Shreyas Malhotra shreyas-malhotra in WordPress Plugin elink Embed Content versions = 1.1.0...

6.4CVSS6.7AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/08/14 10:43 p.m.6 views

WordPress Structured Content plugin < 1.7.0 - Contributor Stored XSS vulnerability

Contributor Stored XSS vulnerability discovered by Krugov Aryom in WordPress Plugin Structured Content versions 1.7.0...

5.4CVSS6AI score0.00157EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/08/14 6:0 a.m.22 views

CVE-2025-3414

CVE-2025-3414 affects WordPress plugin Structured Content (JSON-LD) for the wpsc block, vulnerable before 1.7.0. The issue is that block options are not consistently validated/escaped before being output in a page/post where the block is embedded, enabling stored XSS by users with contributor rol...

5.4CVSS6AI score0.00157EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.6 views

PT-2025-33125 · WordPress · Structured Content (Json-Ld) #Wpsc

Name of the Vulnerable Software and Affected Versions: Structured Content JSON-LD wpsc WordPress plugin versions prior to 1.7.0 Description: The Structured Content JSON-LD wpsc WordPress plugin does not validate and escape certain block options before displaying them within a page or post,...

5.4CVSS5.8AI score0.00157EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/24 9:22 a.m.4 views

CVE-2025-4608 Structured Content <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode

The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's scfslocalbusiness shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.6AI score0.00393EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/24 12:0 a.m.3 views

PT-2025-30643 · WordPress · Structured Content

Name of the Vulnerable Software and Affected Versions: Structured Content plugin for WordPress versions prior to 1.6.5 Description: The Structured Content plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s sc fs local business shortcode. Insufficient input...

6.4CVSS5.7AI score0.00393EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:26 a.m.6 views

CVE-2024-12153

The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.9.92. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS7.4AI score0.00427EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.2 views

WordPress plugin Flagged Content 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

7.1CVSS8.2AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/10 12:0 a.m.5 views

WordPress plugin Insert or Embed Articulate Content into WordPress 代码问题漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in the WordPress plugin Insert or...

9.1CVSS8.7AI score0.00386EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/01 2:51 p.m.4 views

CVE-2025-31780 WordPress Append Content plugin <= 2.1.1 - CSRF to Settings Change vulnerability

Missing Authorization vulnerability in Andy Stratton Append Content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Append Content: from n/a through 2.1.1...

6.5CVSS7.1AI score0.00475EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/27 11:18 a.m.5 views

WordPress Structured Content plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Structured Content versions = 1.6.3...

6.5CVSS8.3AI score0.00271EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/27 10:55 a.m.6 views

CVE-2025-30918 WordPress Structured Content plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gordon Böhme Structured Content structured-content allows Stored XSS.This issue affects Structured Content: from n/a through = 1.6.3...

6.5CVSS7.3AI score0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/04 12:0 a.m.3 views

WordPress plugin Structured Content 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

6.4CVSS8.2AI score0.00256EPSS
Exploits0References6
Rows per page
Query Builder