Lucene search
K

382 matches found

Positive Technologies
Positive Technologies
added 2025/06/19 12:0 a.m.5 views

PT-2025-26209 · WordPress · Football-Pool

Name of the Vulnerable Software and Affected Versions: Football Pool plugin for WordPress versions up to, and including, 2.12.4 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated...

5.5CVSS5.7AI score0.00214EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 10:35 a.m.8 views

CVE-2024-8917

The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...

6.4CVSS5.8AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:3 a.m.7 views

CVE-2024-29802

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.3...

6.5CVSS5.2AI score0.0036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:27 a.m.15 views

CVE-2024-43139

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.9...

6.5CVSS6.8AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:38 a.m.8 views

CVE-2024-43130

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.10...

5.9CVSS6.8AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/29 12:9 p.m.10 views

CVE-2025-30764

Cross-Site Request Forgery CSRF vulnerability in AntoineH Football Pool football-pool allows Cross Site Request Forgery.This issue affects Football Pool: from n/a through = 2.12.2...

4.3CVSS7.2AI score0.00186EPSS
Exploits0References1
NVD
NVD
added 2025/03/27 11:15 a.m.12 views

CVE-2025-30764

Cross-Site Request Forgery CSRF vulnerability in AntoineH Football Pool football-pool allows Cross Site Request Forgery.This issue affects Football Pool: from n/a through = 2.12.2...

4.3CVSS0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/27 10:54 a.m.19 views

CVE-2025-30764 WordPress Football Pool plugin <= 2.12.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in AntoineH Football Pool football-pool allows Cross Site Request Forgery.This issue affects Football Pool: from n/a through = 2.12.2...

4.3CVSS0.00186EPSS
Exploits0References1
CVE
CVE
added 2025/03/27 10:54 a.m.40 views

CVE-2025-30764

CVE-2025-30764 is a CSRF to settings update vulnerability in the Football Pool WordPress plugin. Affected product: Football Pool (WordPress) up to version 2.12.2 (initial description states from n/a through 2.12.2). The connected document confirms the issue as Cross-Site Request Forgery to Settin...

4.3CVSS7.2AI score0.00186EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/27 10:54 a.m.6 views

CVE-2025-30764 WordPress Football Pool plugin <= 2.12.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in AntoineH Football Pool football-pool allows Cross Site Request Forgery.This issue affects Football Pool: from n/a through = 2.12.2...

4.3CVSS7.3AI score0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.4 views

WordPress plugin Football Pool 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS8.6AI score0.00186EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/03/26 11:41 p.m.5 views

WordPress Football Pool plugin <= 2.12.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Football Pool versions = 2.12.2...

4.3CVSS6.9AI score0.00186EPSS
Exploits0Affected Software1
Openbugbounty
Openbugbounty
added 2025/03/17 12:51 p.m.6 views

football-aktuell.de Cross Site Scripting vulnerability OBB-4037249

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
NVD
NVD
added 2024/09/25 1:15 a.m.17 views

CVE-2024-8917

The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...

6.4CVSS0.0037EPSS
Exploits0References5
OSV
OSV
added 2024/09/25 1:15 a.m.5 views

CVE-2024-8917

The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...

5.4CVSS5.9AI score0.0037EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.5 views

WordPress plugin AnWP Football Leagues 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

6.4CVSS5.9AI score0.0037EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/09/24 6:40 a.m.21 views

CVE-2024-8917 AnWP Football Leagues <= 0.16.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...

6.4CVSS0.0037EPSS
Exploits0References5
CVE
CVE
added 2024/09/24 6:40 a.m.51 views

CVE-2024-8917

CVE-2024-8917 affects the WordPress plugin AnWP Football Leagues. It enables a Stored XSS via SVG file uploads in all versions up to and including 0.16.7 due to insufficient input sanitization and output escaping. Exploitation requires Author-level access or higher . A patch exists: upgrade to ve...

6.4CVSS5.5AI score0.0037EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2024/09/24 1:7 a.m.6 views

WordPress AnWP Football Leagues plugin <= 0.16.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin AnWP Football Leagues versions = 0.16.7...

6.4CVSS5.8AI score0.0037EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/24 12:0 a.m.10 views

WordPress AnWP Football Leagues Plugin <= 0.16.7 is vulnerable to Cross Site Scripting (XSS)

Software AnWP Football Leagues Type Plugin Vulnerable versions = 0.16.7 Fixed in 0.16.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8917 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1862a8d1a35e Credits Francesco Carluc...

6.4CVSS5.8AI score0.0037EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder