Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/04/28 6:45 a.m.4 views

CVE-2026-4805 Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS5.5AI score0.00206EPSS
Exploits0References7
OSV
OSV
added 2026/04/28 6:45 a.m.4 views

CVE-2026-4805 Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS6.1AI score0.00206EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/28 6:45 a.m.29 views

CVE-2026-4805 Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS0.00206EPSS
Exploits0References7
CVE
CVE
added 2026/04/28 6:45 a.m.19 views

CVE-2026-4805

CVE-2026-4805 affects the WordPress Woostify theme (versions

6.4CVSS5.5AI score0.00206EPSS
Exploits0References7
Rows per page
Query Builder