Lucene search
K

67 matches found

Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.6 views

PT-2025-36197

Name of the Vulnerable Software and Affected Versions: WPBean WPB Image Widget versions through 1.1 Description: The WPBean WPB Image Widget software contains a flaw due to improper neutralization of input during web page generation, which results in a Stored Cross-site Scripting XSS issue...

6.5CVSS5.5AI score0.0019EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:9 a.m.9 views

CVE-2024-2132

The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Widget in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:54 a.m.7 views

CVE-2024-10939

The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00324EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/12/13 7:57 p.m.5 views

WordPress Image Widget plugin < 4.4.11 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Image Widget versions 4.4.11...

4.8CVSS6.1AI score0.00324EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/12/13 6:15 a.m.12 views

CVE-2024-10939

The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00324EPSS
Exploits1References1
OSV
OSV
added 2024/12/13 6:15 a.m.5 views

CVE-2024-10939

The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00324EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/12/13 6:0 a.m.12 views

CVE-2024-10939 Image Widget < 4.4.11 - Admin+ Stored XSS

The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.8AI score0.00324EPSS
Exploits1References1
CVE
CVE
added 2024/12/13 6:0 a.m.48 views

CVE-2024-10939

CVE-2024-10939 affects the Image Widget WordPress plugin prior to 4.4.11. The flaw is improper sanitization/escaping of certain Image Widget settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). Red Hat, NVD/NIS...

4.8CVSS5.4AI score0.00324EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/12/13 6:0 a.m.21 views

CVE-2024-10939 Image Widget < 4.4.11 - Admin+ Stored XSS

The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00324EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.5 views

PT-2024-16651 · WordPress · Image Widget

Name of the Vulnerable Software and Affected Versions: Image Widget WordPress plugin versions prior to 4.4.11 Description: The issue concerns the Image Widget WordPress plugin, where certain settings of its Image Widget are not properly sanitized and escaped. This could allow high-privilege users...

4.8CVSS8.1AI score0.00324EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.4 views

WordPress plugin Image Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.8CVSS7.8AI score0.00324EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/06/05 12:0 a.m.5 views

PT-2024-29756 · WordPress · Themesflat Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Themesflat Addons For Elementor plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is related to Stored Cross-Site Scripting in the Themesflat Addons For Elementor plugin for WordPress. This is due to insufficien...

6.4CVSS6.1AI score0.00425EPSS
Exploits0References16
Patchstack
Patchstack
added 2024/04/10 12:7 p.m.4 views

WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Bootstrap Elements for Elementor versions = 1.4.0...

6.4CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/04/06 9:15 a.m.3 views

CVE-2024-2132

The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Widget in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS6AI score0.0032EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/06 12:0 a.m.6 views

WordPress Plugin Ultimate Bootstrap Elements for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.4CVSS8AI score0.0032EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/06 12:0 a.m.6 views

PT-2024-18855 · WordPress · The Ultimate Bootstrap Elements For Elementor

Name of the Vulnerable Software and Affected Versions: The Ultimate Bootstrap Elements for Elementor plugin for WordPress versions up to, and including, 1.4.0 Description: The issue is related to Stored Cross-Site Scripting via the Image Widget due to insufficient input sanitization and output...

6.4CVSS7.9AI score0.0032EPSS
Exploits0References7
OSV
OSV
added 2024/03/23 3:15 a.m.3 views

CVE-2024-2202

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS7.4AI score0.0043EPSS
Exploits0References3
NVD
NVD
added 2024/03/23 3:15 a.m.9 views

CVE-2024-2202

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.0043EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/23 2:32 a.m.13 views

CVE-2024-2202 Page Builder by SiteOrigin <= 2.29.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy Image Widget

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7.4AI score0.0043EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/23 12:0 a.m.5 views

WordPress Plugin Page Builder by SiteOrigin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.4CVSS7.6AI score0.0043EPSS
Exploits0References4
Rows per page
Query Builder