Lucene search
+L

77 matches found

cvelist
cvelist
added 2025/06/09 6:0 a.m.20 views

CVE-2025-3582 Newsletter < 8.8.5 - Admin+ Stored XSS via Form

The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.0022EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/06/09 12:0 a.m.8 views

WordPress plugin Newsletter security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.8CVSS5.7AI score0.0022EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 3:3 a.m.7 views

CVE-2023-1982

The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.3AI score0.00379EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/22 8:31 p.m.6 views

CVE-2021-25105

The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.9AI score0.00598EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/04 6:7 a.m.31 views

CVE-2025-3513

The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.7AI score0.00274EPSS
Exploits1References1
osv
osv
added 2025/05/02 6:15 a.m.7 views

CVE-2025-3514

The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS7.3AI score0.00219EPSS
Exploits1References1
nvd
nvd
added 2025/05/02 6:15 a.m.13 views

CVE-2025-3513

The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00274EPSS
Exploits1References1
osv
osv
added 2025/05/02 6:15 a.m.6 views

CVE-2025-3513

The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.8AI score0.00274EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/05/02 12:0 a.m.7 views

WordPress plugin SureForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

3.5CVSS5.7AI score0.00274EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/02/05 1:8 a.m.9 views

CVE-2024-46998

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue...

7.1CVSS6.1AI score0.00328EPSS
Exploits0
osv
osv
added 2025/01/13 6:15 a.m.4 views

CVE-2024-12566

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS5.8AI score0.00292EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/01/13 12:0 a.m.5 views

WordPress plugin Email Subscribers by Icegram Express 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the WordPress plugin...

4.8CVSS8.2AI score0.00292EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/01/13 12:0 a.m.3 views

WordPress plugin Email Subscribers by Icegram Express 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the WordPress plugin...

4.8CVSS8.2AI score0.00292EPSS
Exploits1References1
jvn
jvn
added 2024/10/25 6:7 a.m.4 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability due to inappropriate Slug handling on Article Edit CWE-79 - CVE-2024-46996 Stored cross-site scripting vulnerability on Edit Email Form Settings CWE-79 ...

7.1CVSS5.9AI score0.00328EPSS
Exploits0References8
jvn
jvn
added 2024/10/25 12:0 a.m.41 views

JVN#00876083: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability due to inappropriate Slug handling on Article Edit CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2024-46996 Stored cross-site scripting...

7.1CVSS6.3AI score0.00328EPSS
Exploits0
snyk
snyk
added 2024/10/24 7:41 p.m.1 views

Cross-site Scripting (XSS)

Overview baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Edit Email Form Settings feature. An attacker can manipulate the web page content or hijack user sessions. Details Cross-site...

7.1CVSS5.3AI score0.00328EPSS
Exploits0References2
nvd
nvd
added 2024/10/24 7:15 p.m.41 views

CVE-2024-46998

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue...

7.1CVSS0.00328EPSS
Exploits0References2
cve
cve
added 2024/10/24 6:52 p.m.65 views

CVE-2024-46998

CVE-2024-46998 affects baserCMS with a cross-site scripting (XSS) vulnerability in the Edit Email Form Settings feature. Multiple connected sources confirm the issue resides in baserCMS and can permit script execution under certain conditions. The issue is addressed in newer baserCMS releases: up...

7.1CVSS5.7AI score0.00328EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2024/10/24 6:52 p.m.43 views

CVE-2024-46998 baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue...

7.1CVSS0.00328EPSS
Exploits0References2
osv
osv
added 2024/10/24 6:52 p.m.29 views

CVE-2024-46998 baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue...

7.1CVSS5.8AI score0.00328EPSS
Exploits0References4
Rows per page
Query Builder