Lucene search
K

1692 matches found

Vulnrichment
Vulnrichment
added 2026/05/16 3:25 p.m.9 views

CVE-2020-37235 WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

6.4CVSS5.9AI score0.00243EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:25 p.m.8 views

CVE-2020-37235

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

6.4CVSS5.9AI score0.00243EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/16 3:25 p.m.16 views

CVE-2020-37235

CVE-2020-37235 concerns WordPress Theme Wibar 1.1.8, where a stored XSS flaw exists in the Brand component. The vulnerability allows authenticated users with editor/administrator/contributor/author roles to inject base64-encoded script payloads via the ftc_brand_url input field, resulting in arbi...

6.4CVSS5.9AI score0.00243EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/16 3:25 p.m.36 views

CVE-2020-37235 WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

6.4CVSS0.00243EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/16 3:25 p.m.10 views

EUVD-2020-31237

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

6.4CVSS5.9AI score0.00243EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/16 3:25 p.m.8 views

CVE-2020-37227 WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...

8.8CVSS6.3AI score0.00541EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:25 p.m.7 views

CVE-2020-37227

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...

8.8CVSS6.3AI score0.00541EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/16 3:25 p.m.18 views

CVE-2020-37227

HS Brand Logo Slider 2.1 (a WordPress plugin) has an unrestricted file upload vulnerability. Authenticated users can bypass client-side extension checks by targeting the logoupload parameter in the admin interface and rename uploaded files to executable extensions such as .php, enabling remote co...

8.8CVSS6.3AI score0.00541EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/16 3:25 p.m.39 views

CVE-2020-37227 WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...

8.8CVSS0.00541EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.14 views

PT-2026-41435

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

6.4CVSS5.9AI score0.00243EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.10 views

WordPress plugin theme Wibar 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

WordPress plugin HS Brand Logo Slider 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS6.4AI score0.00541EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/14 6:26 p.m.9 views

Karakeep SDK has SSRF via metascraper-logo-favicon that bypasses validateUrl protections

Summary The metascraper-logo-favicon plugin makes HTTP requests to URLs extracted from attacker-controlled HTML without going through the application's validateUrl SSRF protections. This allows any authenticated user to make the server fetch arbitrary internal URLs by bookmarking a page containin...

6AI score
Exploits0References5Affected Software1
NVD
NVD
added 2026/05/14 7:16 a.m.25 views

CVE-2026-3892

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

8.1CVSS0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 6:44 a.m.46 views

CVE-2026-3892 Motors – Car Dealer, Classifieds & Listing <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion via 'stm_dealer_logo_path' Parameter

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

8.1CVSS0.00256EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 6:44 a.m.19 views

CVE-2026-3892

The Motors – Car Dealership & Classified Listings Plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to 1.4.107 due to insufficient file path validation in the become-dealer logo upload flow. An authenticated user with subscriber+ access can set an arbitrary filesyst...

8.1CVSS5.9AI score0.00256EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 6:44 a.m.8 views

CVE-2026-3892 Motors – Car Dealer, Classifieds & Listing <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion via 'stm_dealer_logo_path' Parameter

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

8.1CVSS5.9AI score0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.13 views

PT-2026-40884

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

8.1CVSS5.9AI score0.00256EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/07 1:48 p.m.13 views

EUVD-2026-28383

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

4.3CVSS5.7AI score0.00204EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/07 1:48 p.m.30 views

CVE-2026-41687 Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

4.3CVSS0.00204EPSS
Exploits0References3
Rows per page
Query Builder