Lucene search
K

61 matches found

NVD
NVD
added 2025/11/11 4:15 a.m.5 views

CVE-2025-12672

The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00211EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.3 views

CVE-2025-11860 Twitter Feed <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitterfeed' shortcode in all versions up to, and including, 1.3.1. This is due to the plugin not properly sanitizing user input and output of the 'width' and 'height' parameters. This makes it possible...

6.4CVSS4.8AI score0.00176EPSS
Exploits0References2
CVE
CVE
added 2025/11/11 3:30 a.m.22 views

CVE-2025-12672

The Flickr Show plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the flickrshow shortcode div_height parameter, impacting all versions up to 1.5. Exploitation requires authenticated access at Contributor level or higher, enabling the attacker to inject scri...

6.4CVSS4.8AI score0.00211EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.3 views

CVE-2025-12672 Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS4.7AI score0.00211EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.8 views

CVE-2025-12672 Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00211EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.5 views

CVE-2025-12754 Geopost <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Geopost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter of the 'geopost' shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.7AI score0.00211EPSS
Exploits0References3
CVE
CVE
added 2025/11/11 3:30 a.m.17 views

CVE-2025-12754

CVE-2025-12754 (Geopost WordPress plugin) : Concrete details are provided across multiple connected sources. The Geopost plugin (WordPress) is affected in all versions up to 1.2 and is vulnerable to Stored Cross-Site Scripting via the height parameter of the geopost shortcode. The root cause is i...

6.4CVSS4.8AI score0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.6 views

PT-2025-46257

Name of the Vulnerable Software and Affected Versions Twitter Feed plugin for WordPress versions up to and including 1.3.1 Description The Twitter Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'ottwitter feed' shortcode. This occurs because the plugin does no...

6.4CVSS5.3AI score0.00176EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.7 views

PT-2025-46296

Name of the Vulnerable Software and Affected Versions Geopost plugin for WordPress versions prior to 1.3 Description The Geopost plugin for WordPress is susceptible to Stored Cross-Site Scripting through the height parameter of the 'geopost' shortcode. This is caused by inadequate input...

6.4CVSS5.4AI score0.00211EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.7 views

WordPress plugin Coon Google Maps 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Coon Maps plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...

6.4CVSS5.8AI score0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.7 views

PT-2025-46293

Name of the Vulnerable Software and Affected Versions Flickr Show plugin for WordPress versions prior to 1.6 Description The software is susceptible to Stored Cross-Site Scripting through the div height parameter of the 'flickrshow' shortcode. Insufficient input sanitization and output escaping...

6.4CVSS5.4AI score0.00211EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2010-4865

Malware in sbrugna...

4.3CVSS6.4AI score0.0173EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-4501

Malware in sbrugna...

4.3CVSS6.4AI score0.02046EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25422

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.0023EPSS
Exploits0References5
NVD
NVD
added 2025/08/21 10:15 a.m.5 views

CVE-2025-8064

The Bible SuperSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘selectorheight’ parameter in all versions up to, and including, 6.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.0023EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/21 9:26 a.m.10 views

CVE-2025-8064 Bible SuperSearch <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter

The Bible SuperSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘selectorheight’ parameter in all versions up to, and including, 6.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.0023EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/21 9:26 a.m.4 views

CVE-2025-8064 Bible SuperSearch <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter

The Bible SuperSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘selectorheight’ parameter in all versions up to, and including, 6.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.0023EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.8 views

PT-2025-34202 · WordPress · Bible Supersearch

Name of the Vulnerable Software and Affected Versions: Bible SuperSearch plugin for WordPress versions prior to 6.0.2 Description: The Bible SuperSearch plugin for WordPress is susceptible to Stored Cross-Site Scripting via the selector height parameter. Insufficient input sanitization and output...

6.4CVSS6.2AI score0.0023EPSS
Exploits0References10
CVE
CVE
added 2025/08/02 8:24 a.m.20 views

CVE-2025-8391

CVE-2025-8391 – Magic Edge – Lite (WordPress) is a Stored Cross-Site Scripting vulnerability in the plugin for all versions up to 1.1.6, triggered by the height parameter due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributor level or...

6.4CVSS5.5AI score0.00218EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/02 12:0 a.m.4 views

WordPress plugin Magic Edge – Lite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

6.4CVSS5.7AI score0.00218EPSS
Exploits0References4
Rows per page
Query Builder