Lucene search
K

362 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:20 a.m.6 views

CVE-2024-3520

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tccscapatchsettings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber access...

4.3CVSS5.1AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:40 a.m.6 views

CVE-2023-5110

The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00449EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:25 p.m.6 views

CVE-2021-25113

The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues...

5.4CVSS6.1AI score0.00595EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:17 a.m.5 views

CVE-2013-2704

Cross-site request forgery CSRF vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting XSS sequences...

6.8CVSS6.8AI score0.00954EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.7 views

CVE-2019-10085

In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page...

6.1CVSS5.8AI score0.0514EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/09 3:25 p.m.7 views

CVE-2025-47451

Cross-Site Request Forgery CSRF vulnerability in silverplugins217 Product Quantity Dropdown For Woocommerce product-quantity-dropdown-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Quantity Dropdown For Woocommerce: from n/a through = 1.2...

4.3CVSS7.2AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2025/05/07 3:15 p.m.6 views

CVE-2025-47451

Cross-Site Request Forgery CSRF vulnerability in silverplugins217 Product Quantity Dropdown For Woocommerce product-quantity-dropdown-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Quantity Dropdown For Woocommerce: from n/a through = 1.2...

4.3CVSS0.0014EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.3 views

PT-2025-20087 · WordPress · Product Quantity Dropdown For Woocommerce

Name of the Vulnerable Software and Affected Versions: Product Quantity Dropdown For Woocommerce versions 1.2 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions 1.2 and earlier, update to a...

4.3CVSS5.5AI score0.0014EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.5 views

WordPress plugin Product Quantity Dropdown For Woocommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Product Quanti...

4.3CVSS5.8AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/26 5:17 p.m.12 views

CVE-2025-46478

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in metaloha Dropdown Content dropdown-content allows Stored XSS.This issue affects Dropdown Content: from n/a through = 1.0.2...

7.1CVSS7.2AI score0.00228EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/24 5:4 p.m.4 views

WordPress Dropdown Content plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Dropdown Content versions = 1.0.2...

7.1CVSS7.1AI score0.00228EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/04/24 4:15 p.m.12 views

CVE-2025-46478

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in metaloha Dropdown Content dropdown-content allows Stored XSS.This issue affects Dropdown Content: from n/a through = 1.0.2...

7.1CVSS0.00228EPSS
Exploits0References1
CVE
CVE
added 2025/04/24 4:8 p.m.45 views

CVE-2025-46478

CVE-2025-46478 : WordPress plugin Dropdown Content is affected by a stored XSS due to improper input neutralization during page generation. Affected versions are up to 1.0.2 (n/a through 1.0.2). The Connected documents confirm this is a stored XSS vulnerability and indicate no publicly available ...

7.1CVSS7.2AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/24 4:8 p.m.15 views

CVE-2025-46478 WordPress Dropdown Content plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in metaloha Dropdown Content dropdown-content allows Stored XSS.This issue affects Dropdown Content: from n/a through = 1.0.2...

7.1CVSS0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/24 4:8 p.m.4 views

CVE-2025-46478 WordPress Dropdown Content <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in metaloha Dropdown Content allows Stored XSS. This issue affects Dropdown Content: from n/a through 1.0.2...

7.1CVSS6.8AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/24 12:0 a.m.3 views

WordPress plugin Dropdown Content 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS6.9AI score0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.4 views

PT-2025-17792 · Unknown · Metaloha Dropdown Content

Name of the Vulnerable Software and Affected Versions: metaloha Dropdown Content versions n/a through 1.0.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS in metaloha Dropdown Content...

7.1CVSS7AI score0.00228EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/23 3:40 p.m.5 views

Malicious code in @sporta-technology/d11-web-components.list-item.list-item-dropdown (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/23 3:40 p.m.5 views

Malicious code in @sporta-technology/d11-web-components.dropdown (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/04/23 3:40 p.m.3 views

MAL-2025-3326 Malicious code in @sporta-technology/d11-web-components.dropdown (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Rows per page
Query Builder