Lucene search
K

26 matches found

RedhatCVE
RedhatCVE
added 2025/12/16 4:57 a.m.6 views

CVE-2025-13740

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5AI score0.00155EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/15 6:55 p.m.11 views

WordPress Lightweight Accordion plugin <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Lightweight Accordion versions = 1.5.20...

6.4CVSS5.6AI score0.00155EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/12/15 4:15 a.m.5 views

CVE-2025-13740

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS0.00155EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/15 3:20 a.m.2 views

CVE-2025-13740 Lightweight Accordion <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS4.7AI score0.00155EPSS
Exploits0References2
CVE
CVE
added 2025/12/15 3:20 a.m.18 views

CVE-2025-13740

CVE-2025-13740 affects the WordPress plugin Lightweight Accordion (all versions up to and including 1.5.20). The vulnerability is a Stored Cross‑Site Scripting (Stored XSS) due to insufficient input sanitization and output escaping on attributes supplied to the plugin’s lightweight-accordion shor...

6.4CVSS4.7AI score0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/15 3:20 a.m.29 views

CVE-2025-13740 Lightweight Accordion <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.3 views

WordPress plugin Lightweight Accordion 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...

6.4CVSS5.7AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.5 views

PT-2025-51188

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5AI score0.00155EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-12434

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00562EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2024-27386

Malicious code in bioql PyPI...

6.4CVSS8.8AI score0.00429EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:52 a.m.15 views

CVE-2023-0373

The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.00562EPSS
Exploits2References1
OSV
OSV
added 2024/04/09 7:15 p.m.4 views

CVE-2024-2436

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS6AI score0.00429EPSS
Exploits0References3
NVD
NVD
added 2024/04/09 7:15 p.m.23 views

CVE-2024-2436

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00429EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/09 6:58 p.m.12 views

CVE-2024-2436

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00429EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/09 6:58 p.m.27 views

CVE-2024-2436 Lightweight Accordion <= 1.5.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00429EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.5 views

WordPress Plugin Lightweight Accordion 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS8AI score0.00429EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/03/25 12:0 a.m.10 views

WordPress Lightweight Accordion Plugin <= 1.5.16 is vulnerable to Cross Site Scripting (XSS)

Software Lightweight Accordion Type Plugin Vulnerable versions = 1.5.16 Fixed in 1.5.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2436 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b6e6c77a276d Credits Krzysztof Zając...

6.4CVSS6AI score0.00429EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/02/13 3:15 p.m.6 views

CVE-2023-0373

The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS6.1AI score0.00562EPSS
Exploits2References1
Prion
Prion
added 2023/02/13 3:15 p.m.17 views

Cross site scripting

The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.9CVSS5.4AI score0.00562EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/02/13 2:32 p.m.66 views

CVE-2023-0373

CVE-2023-0373 affects the Lightweight Accordion WordPress plugin up to version 1.5.15. The vulnerability stems from failing to validate and escape certain block options before rendering in embed contexts, enabling Stored XSS for users with the contributor role or higher, with user interaction req...

5.4CVSS5.3AI score0.00562EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder