Lucene search
K

190 matches found

Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.5 views

PT-2025-26914 · WordPress · E.Nigma Buttons

Name of the Vulnerable Software and Affected Versions: e.nigma buttons plugin for WordPress versions up to, and including, 1.1.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'button' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS5.9AI score0.00182EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/06/14 12:0 a.m.5 views

PT-2025-25475 · WordPress · Streamweasels Kick Integration

Name of the Vulnerable Software and Affected Versions: StreamWeasels Kick Integration plugin for WordPress versions up to, and including, 1.1.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS5.6AI score0.00231EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/30 1:47 a.m.16 views

CVE-2025-25029

IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input...

6.5CVSS6.5AI score0.00294EPSS
Exploits0References1
OSV
OSV
added 2025/05/29 9:15 a.m.4 views

CVE-2025-4670

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eddreceipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user...

5.4CVSS6AI score0.00284EPSS
Exploits0References3
NVD
NVD
added 2025/05/28 2:15 a.m.14 views

CVE-2025-25029

IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input...

6.5CVSS0.00294EPSS
Exploits0References1
CVE
CVE
added 2025/05/24 1:41 a.m.59 views

CVE-2024-13427

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is affected by CVE-2024-13427: a Stored Cross-Site Scripting vulnerability in the Button widget. Root cause: insufficient input sanitization and output escaping on user-supplied attributes. Affected versions: all up ...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:45 a.m.6 views

CVE-2024-9444

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4CVSS5AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:40 a.m.7 views

CVE-2024-8629

The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for unauthenticated attackers to...

6.1CVSS6.4AI score0.00414EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:20 a.m.12 views

CVE-2024-3265

The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations...

4.7CVSS7.8AI score0.00422EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:16 a.m.12 views

CVE-2024-2761

The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks...

6.8CVSS5.8AI score0.00665EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:49 a.m.9 views

CVE-2024-7629

The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:43 a.m.6 views

CVE-2024-21730

The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...

5.4CVSS6.7AI score0.00424EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:35 a.m.17 views

CVE-2024-3903

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack...

7.1CVSS5.8AI score0.00212EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.10 views

CVE-2024-1534

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:20 a.m.9 views

CVE-2024-8052

The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.00193EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:19 a.m.5 views

CVE-2024-10872

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template-post-custom-field block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

6.4CVSS5.8AI score0.00306EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:14 a.m.7 views

CVE-2024-9385

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS5.6AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:58 a.m.9 views

CVE-2024-33859

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS...

6.1CVSS6.9AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:50 a.m.5 views

CVE-2024-11707

The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6.4AI score0.00358EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:19 a.m.5 views

CVE-2024-8054

The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.002EPSS
Exploits1References1
Rows per page
Query Builder