Lucene search
K

12 matches found

Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.8 views

PT-2026-1963

Name of the Vulnerable Software and Affected Versions AMP for WP plugin for WordPress versions prior to 1.1.11 Description The AMP for WP plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. Insufficient sanitization of SVG file content allows for the...

6.4CVSS5.5AI score0.00188EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-10263

Malware in sbrugna...

4.8CVSS5.2AI score0.00535EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:50 a.m.8 views

CVE-2018-20838

ampforwpsavestepsdata in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS...

5.4CVSS6.8AI score0.01078EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.12 views

CVE-2024-7759 PWA For WP & AMP < 1.7.72 Administrator+ Stored XSS

The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00266EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/04/04 3:58 p.m.15 views

CVE-2025-32179 WordPress Maps for WP Plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc Maps for WP maps-for-wp allows Stored XSS.This issue affects Maps for WP: from n/a through = 1.2.4...

6.5CVSS0.00341EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/23 9:32 a.m.14 views

CVE-2024-13648

The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/21 9:21 a.m.12 views

CVE-2024-13648 Maps for WP <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00278EPSS
Exploits0References3
CVE
CVE
added 2025/02/21 9:21 a.m.51 views

CVE-2024-13648

The CVE-2024-13648 entry for Maps for WP is supported by connected Wordfence details that describe a Stored Cross-Site Scripting via the MapOnePoint shortcode in all versions up to 1.2.4, exploitable by authenticated users with contributor+ privileges. The underlying issue is insufficient input s...

6.4CVSS5.7AI score0.00278EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/12/12 3:23 a.m.54 views

CVE-2024-11419

CVE-2024-11419 affects the Password for WP WordPress plugin (versions up to and including 1.3). The vulnerability arises from missing or incorrect nonce validation in get3_init_admin_page(), enabling unauthenticated attackers to update plugin settings and inject script via forged requests. Wordfe...

6.1CVSS7.2AI score0.00208EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/21 3:29 p.m.24 views

CVE-2024-27967 WordPress DSGVO All in one for WP plugin <= 4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3...

4.3CVSS7AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2019/05/13 4:4 a.m.62 views

CVE-2018-20838

Summary: CVE-2018-20838 concerns the WordPress AMP for WP plugin. The vulnerability, described as a stored XSS in the function ampforwp_save_steps_data, affects versions before 0.9.97.21. The underlying issue is lack of proper validation of client-side data in the plugin, enabling an attacker to ...

5.4CVSS5.5AI score0.01078EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2019/05/13 12:0 a.m.3 views

WordPress AMP for WP Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in ampforwpsavestepsdata in WordPress AMP for WP plugin versions...

5.4CVSS6.3AI score0.01078EPSS
Exploits1References1
Rows per page
Query Builder