Lucene search
K

189 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:54 a.m.9 views

CVE-2024-11456

The Run Contests, Raffles, and Giveaways with ContestsWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.3. This makes it possible for unauthenticated attackers to...

6.1CVSS6.4AI score0.00416EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:40 a.m.9 views

CVE-2024-10890

The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated attackers to injec...

6.1CVSS6.3AI score0.00572EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:40 a.m.6 views

CVE-2024-7822

The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS6AI score0.00177EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:4 a.m.9 views

CVE-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

6.1CVSS5.6AI score0.00689EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:56 a.m.3 views

CVE-2023-3492

The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.8CVSS5.8AI score0.00327EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:54 a.m.6 views

CVE-2023-1373

The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...

6.1CVSS6.6AI score0.00458EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:6 a.m.10 views

CVE-2023-6737

The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXELDEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.3AI score0.00493EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:13 a.m.8 views

CVE-2022-43425

Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.5AI score0.00772EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:4 a.m.6 views

CVE-2022-25189

Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.4AI score0.00598EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:18 p.m.6 views

CVE-2022-1528

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.5AI score0.00757EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:31 p.m.11 views

CVE-2020-36173

The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields...

5.3CVSS7.1AI score0.01117EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:18 p.m.8 views

CVE-2020-2106

Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations...

5.4CVSS5.9AI score0.00735EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 1:18 a.m.4 views

CVE-2017-1002201

In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...

6.1CVSS6.5AI score0.01452EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.4 views

WordPress plugin Polls CP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.4CVSS5.9AI score0.00254EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/02 12:0 a.m.25 views

PT-2025-18762 · WordPress · Wpml

Name of the Vulnerable Software and Affected Versions: WPML plugin for WordPress versions 3.6.0 through 4.7.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpml language switcher shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS6.2AI score0.00247EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/04/26 9:7 a.m.19 views

CVE-2025-2543

The Advanced Accordion Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4CVSS7.4AI score0.00265EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.4 views

WordPress plugin Tax Switch for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6.7AI score0.00262EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.4 views

WordPress plugin Form Maker by 10Web 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

4.8CVSS5.9AI score0.00239EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.3 views

WordPress plugin Widget for Social Page Feeds 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.8CVSS5.9AI score0.00239EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/09 6:0 a.m.7 views

CVE-2024-8243 Plugin Upgrade Time Out <= 1.0 - Stored XSS via CSRF

The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

5.7AI score0.00146EPSS
Exploits1References1
Rows per page
Query Builder