Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

62 matches found

Patchstack
Patchstackadded 2025/12/31 12:0 a.m.6 views

WordPress Frontend Dashboard plugin 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function vulnerability

WordPress Frontend Dashboard plugin 1.5.10 - 2.2.7 - Missing Authorization to Authenticated Subscriber+ Account Takeover/Privilege Escalation via ajaxrequest Function vulnerability discovered by kr0d in WordPress Plugin Frontend Dashboard versions 1.5.10-2.2.7...

8.8CVSS5.9AI score0.00394EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2024-30513

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.00484EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2025-12076

Malicious code in bioql PyPI...

9.3CVSS9.1AI score0.00233EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2024-26770

Malicious code in bioql PyPI...

6.5CVSS8.6AI score0.00197EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-17258

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00143EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/06/08 1:19 p.m.4 views

CVE-2025-49310

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through = 2.2.8...

6.5CVSS5.9AI score0.00143EPSS
Exploits0References1
NVD
NVDadded 2025/06/06 1:15 p.m.2 views

CVE-2025-49310

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through = 2.2.8...

6.5CVSS0.00143EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/06/06 12:53 p.m.5 views

CVE-2025-49310 WordPress Frontend Dashboard <= 2.2.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M A Vinoth Kumar Frontend Dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through 2.2.8...

6.5CVSS6.7AI score0.00143EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/06/06 12:53 p.m.13 views

CVE-2025-49310 WordPress Frontend Dashboard plugin <= 2.2.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through = 2.2.8...

6.5CVSS0.00143EPSS
Exploits0References1
CVE
CVEadded 2025/06/06 12:53 p.m.34 views

CVE-2025-49310

CVE-2025-49310: Stored XSS in the Frontend Dashboard WordPress plugin (Frontend Dashboard) allowed authenticated users to inject scripts via improper input neutralization during web page generation; affects Frontend Dashboard v1.0 through 2.2.8 (auth+); patched in v2.2.8.

6.5CVSS5.9AI score0.00143EPSS
Exploits0References1
CNNVD
CNNVDadded 2025/06/06 12:0 a.m.1 views

WordPress plugin Frontend Dashboard 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.1AI score0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/06/06 12:0 a.m.1 views

PT-2025-24238 · Unknown · M A Vinoth Kumar Frontend Dashboard

Name of the Vulnerable Software and Affected Versions: M A Vinoth Kumar Frontend Dashboard versions n/a through 2.2.8 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS in the Frontend Dashboard...

6.5CVSS6.1AI score0.00143EPSS
Exploits0References3
Patchstack
Patchstackadded 2025/06/05 12:16 a.m.8 views

WordPress Frontend Dashboard plugin <= 2.2.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Frontend Dashboard versions = 2.2.8...

6.5CVSS6AI score0.00143EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVEadded 2025/05/23 8:55 a.m.8 views

CVE-2024-29775

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vinoth06. Frontend Dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through 2.2.1...

6.5CVSS8.6AI score0.00197EPSS
Exploits0References1
CVE
CVEadded 2025/05/13 6:40 a.m.42 views

CVE-2025-4474

CVE-2025-4474 affects the WordPress Frontend Dashboard plugin (versions 1.0–2.2.7). A missing capability check in fed_admin_setting_form_function() allows authenticated users with Subscriber+ to overwrite the plugin’s register role, elevating privileges to administrator. Public references in Word...

8.8CVSS8.5AI score0.00332EPSS
Exploits0References5
Cvelist
Cvelistadded 2025/05/13 6:40 a.m.14 views

CVE-2025-4474 Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fedadminsettingformfunction function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the...

8.8CVSS0.00332EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2025/05/13 6:40 a.m.9 views

CVE-2025-4474 Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fedadminsettingformfunction function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the...

8.8CVSS8.5AI score0.00332EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2025/05/13 6:40 a.m.6 views

CVE-2025-4473 Frontend Dashboard 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajaxrequest function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends...

8.8CVSS8.5AI score0.00394EPSS
Exploits0References6
Cvelist
Cvelistadded 2025/05/13 6:40 a.m.15 views

CVE-2025-4473 Frontend Dashboard 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajaxrequest function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends...

8.8CVSS0.00394EPSS
Exploits0References6
CVE
CVEadded 2025/05/13 6:40 a.m.40 views

CVE-2025-4473

CVE-2025-4473 concerns the WordPress Frontend Dashboard plugin (versions 1.0–2.2.7). The issue is a missing capability check in the ajax_request() function, enabling authenticated users with Subscriber-level access or higher to redirect outgoing emails (e.g., SMTP) to an attacker-controlled serve...

8.8CVSS8.6AI score0.00394EPSS
Exploits0References6
Rows per page
Query Builder