Lucene search
K

189 matches found

Positive Technologies
Positive Technologies
added 2025/04/05 12:0 a.m.5 views

PT-2025-15055 · WordPress · Zoomsounds

Name of the Vulnerable Software and Affected Versions: ZoomSounds plugin for WordPress versions up to, and including, 6.91 Description: The issue is related to Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping on user-supplied attributes. This...

6.4CVSS6.3AI score0.00211EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2025/04/04 5:22 a.m.10 views

CVE-2024-13898 Simple Banner <= 3.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output...

4.4CVSS6AI score0.00223EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/27 11:39 a.m.7 views

CVE-2025-2635

The Digital License Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg function without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6.4AI score0.00308EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/20 12:0 a.m.5 views

CBL Mariner 2.0 Security Update: vitess (CVE-2024-53257)

The version of vitess installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53257 advisory. - Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env...

4.9CVSS6.5AI score0.00428EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.6 views

WordPress plugin WP Extra Fields 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.1CVSS8.9AI score0.00352EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/02/25 5:49 p.m.22 views

Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)

Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. For instance, ?text= would trigger XSS here. js const text = createResource = return new...

7.3CVSS5.8AI score0.00303EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/02/21 9:12 p.m.50 views

CVE-2025-27109 Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...

7.3CVSS0.00303EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.6 views

PT-2025-6433 · WordPress · Woocommerce Brands Plugin

Name of the Vulnerable Software and Affected Versions: Woocommerce Brands Plugin versions up to, and including, 1.3.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's product brand shortcode due to insufficient input sanitization and output escaping on user-suppli...

6.4CVSS7.9AI score0.00349EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/02/05 3:7 a.m.9 views

CVE-2024-6753

The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpwautopostermapwordpressposttype' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS6.1AI score0.00829EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:16 a.m.15 views

CVE-2024-4869

The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

7.2CVSS6.1AI score0.00377EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/03 6:0 a.m.8 views

CVE-2024-13347 Essential WP Real Estate <= 1.1.3 - Reflected XSS

The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...

6.7AI score0.00574EPSS
Exploits1References1
NVD
NVD
added 2025/01/30 6:15 a.m.10 views

CVE-2024-12400

The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...

7.1CVSS0.00264EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2025/01/08 12:0 a.m.9 views

10CentMail <= 2.1.50 - Reflected Cross-Site Scripting

Description The 10CentMail plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00254EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/21 12:0 a.m.4 views

WordPress plugin GTPayment Donations 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

6.1CVSS8.6AI score0.00175EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/12/12 3:23 a.m.18 views

CVE-2024-12338 Website Toolbox Community <= 2.0.1 - Reflected Cross-Site Scripting via websitetoolbox_username

The Website Toolbox Community plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘websitetoolboxusername’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

6.1CVSS0.00397EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/20 11:3 a.m.10 views

CVE-2024-10872 Getwid – Gutenberg Blocks <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template-post-custom-field block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

6.4CVSS5.8AI score0.00306EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.9 views

PT-2024-16624 · Pdfcrowd · Save As Pdf Plugin

Name of the Vulnerable Software and Affected Versions: Save as PDF Plugin by Pdfcrowd versions up to, and including, 4.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'save as pdf pdfcrowd' shortcode due to insufficient input sanitization and output escaping ...

6.4CVSS7.9AI score0.0027EPSS
Exploits0References8
OSV
OSV
added 2024/10/18 5:15 a.m.4 views

CVE-2024-8740

The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6AI score0.00382EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.5 views

PT-2024-39740 · WordPress · Locatoraid Store Locator

Name of the Vulnerable Software and Affected Versions: Locatoraid Store Locator plugin for WordPress versions up to, and including, 3.9.47 Description: The issue is related to Reflected Cross-Site Scripting via $ POST keys due to insufficient input sanitization and output escaping. This allows...

6.1CVSS6.8AI score0.00355EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/09/26 2:3 a.m.49 views

CVE-2024-8803 Bulk NoIndex & NoFollow Toolkit <= 2.15 - Reflected Cross-Site Scripting

The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS0.0037EPSS
Exploits0References3
Rows per page
Query Builder