Lucene search
K

67 matches found

attackerkb
attackerkb
added 2026/04/29 10:40 a.m.5 views

CVE-2026-42643

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StellarWP Image Widget image-widget allows Stored XSS.This issue affects Image Widget: from n/a through = 4.4.11...

5.9CVSS5.2AI score0.00143EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/04/29 12:0 a.m.11 views

WordPress Plugin Image Widget 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.9CVSS5.6AI score0.00143EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/29 12:0 a.m.7 views

PT-2026-35902

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StellarWP Image Widget image-widget allows Stored XSS.This issue affects Image Widget: from n/a through = 4.4.11...

5.9CVSS5.2AI score0.00143EPSS
Exploits0References1
euvd
euvd
added 2026/04/08 9:31 a.m.4 views

EUVD-2026-20129

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the rendersvg...

6.4CVSS6.1AI score0.00387EPSS
Exploits0References9
nvd
nvd
added 2026/04/08 8:16 a.m.3 views

CVE-2026-4655

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the rendersvg...

6.4CVSS0.00387EPSS
Exploits0References8
cvelist
cvelist
added 2026/04/08 7:43 a.m.20 views

CVE-2026-4655 Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the rendersvg...

6.4CVSS0.00387EPSS
Exploits0References8
cve
cve
added 2026/04/08 7:43 a.m.8 views

CVE-2026-4655

The CVE concerns the WordPress plugin Element Pack Addons for Elementor (SVG Image Widget) up to version 8.4.2. Root cause: render_svg() fetches SVG content from remote URLs using wp_safe_remote_get() and echoes it without proper sanitization beyond a regex that only adds attributes to the SVG ta...

6.4CVSS6.1AI score0.00387EPSS
Exploits0References8
vulnrichment
vulnrichment
added 2026/04/08 7:43 a.m.1 views

CVE-2026-4655 Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the rendersvg...

6.4CVSS6.1AI score0.00387EPSS
Exploits0References8
patchstack
patchstack
added 2026/04/08 3:28 a.m.6 views

WordPress Element Pack Addons for Elementor plugin <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via SVG Image Widget vulnerability discovered by Webbernaut in WordPress Plugin Element Pack Elementor Addons versions = 8.4.2...

6.4CVSS5.9AI score0.00387EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/01/07 9:14 a.m.7 views

CVE-2024-2202

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.0043EPSS
Exploits0References1
cvelist
cvelist
added 2025/12/13 8:21 a.m.27 views

CVE-2025-8687 Enter Addons <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets

The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown and Image Comparison widgets in all versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00189EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-26919

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.0019EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-27162

Malicious code in bioql PyPI...

6.4CVSS8.8AI score0.0043EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/09/07 2:33 p.m.6 views

CVE-2025-58858

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPBean WPB Image Widget wpb-image-widget allows Stored XSS.This issue affects WPB Image Widget: from n/a through = 1.1...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
nvd
nvd
added 2025/09/05 2:16 p.m.15 views

CVE-2025-58858

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPBean WPB Image Widget wpb-image-widget allows Stored XSS.This issue affects WPB Image Widget: from n/a through = 1.1...

6.5CVSS0.0019EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/09/05 1:45 p.m.4 views

CVE-2025-58858 WordPress WPB Image Widget Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPBean WPB Image Widget wpb-image-widget allows Stored XSS.This issue affects WPB Image Widget: from n/a through = 1.1...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
cve
cve
added 2025/09/05 1:45 p.m.13 views

CVE-2025-58858

CVE-2025-58858 affects the WordPress plugin WPB Image Widget (versions up to 1.1). It is a stored XSS caused by improper neutralization of input during web page generation. The impact is stored script execution in pages that render the widget. No exploitation details are provided in the documents...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
cvelist
cvelist
added 2025/09/05 1:45 p.m.14 views

CVE-2025-58858 WordPress WPB Image Widget Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPBean WPB Image Widget wpb-image-widget allows Stored XSS.This issue affects WPB Image Widget: from n/a through = 1.1...

6.5CVSS0.0019EPSS
Exploits0References1
patchstack
patchstack
added 2025/09/05 1:39 p.m.7 views

WordPress WPB Image Widget Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Mika in WordPress Plugin WPB Image Widget versions = 1.1...

6.5CVSS6AI score0.0019EPSS
Exploits0Affected Software1
cnnvd
cnnvd
added 2025/09/05 12:0 a.m.5 views

WordPress plugin WPB Image Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS5.8AI score0.0019EPSS
Exploits0References1
Rows per page
Query Builder