Lucene search
K

156 matches found

OSV
OSV
added 2025/05/22 10:15 a.m.3 views

CVE-2025-4405

The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

5.4CVSS5.9AI score0.0023EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/05/22 12:0 a.m.4 views

WordPress plugin Hot Random Image 跨站脚本漏洞

WordPress Hot Random Image is a basic plugin for displaying randomly selected images from a specified folder. A cross-site scripting vulnerability exists in WordPress Hot Random Image, which stems from insufficient link parameter input cleanup and escaping, and can be exploited by an attacker to...

5.4CVSS6.1AI score0.0023EPSS
Exploits0References4
Snyk
Snyk
added 2025/05/06 6:30 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the iconURL parameter in the marketplace-app-manager-web module. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise truste...

7.2CVSS5.3AI score0.03446EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.6 views

PrestaShop 跨站脚本漏洞

PrestaShop is an open source e-commerce solution from the US company PrestaShop. The program provides multiple payment methods, SMS alerts and product image zoom and other features. A cross-site scripting vulnerability exists in PrestaShop version 8.1.7, which stems from missing validation of lin...

4.8CVSS5.8AI score0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/25 12:0 a.m.6 views

PT-2025-2173 · WordPress · Bilingual Linker

Name of the Vulnerable Software and Affected Versions: Bilingual Linker plugin for WordPress versions up to, and including, 2.4 Description: The issue is related to Stored Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS6.7AI score0.00289EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/01/07 4:21 a.m.16 views

CVE-2024-12214 WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter

The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS0.00274EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/07 4:21 a.m.7 views

CVE-2024-12214 WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter

The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS6.4AI score0.00274EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2024/12/23 12:5 p.m.129 views

Exploit for Cross-site Scripting in Pnetlab

Open Redirect CVE-2024-51112 + Exploit Author: Fatime Zeh...

6.1CVSS6.7AI score0.00308EPSS
Exploits3
OSV
OSV
added 2024/12/05 10:31 a.m.3 views

CVE-2024-11420

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...

5.4CVSS5.9AI score0.00249EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/05 12:0 a.m.5 views

PT-2024-16979 · WordPress · Blocksy

Name of the Vulnerable Software and Affected Versions: Blocksy theme for WordPress versions up to and including 2.0.77 Description: The issue is related to Stored Cross-Site Scripting via the link parameter of the Contact Info Block. This is due to insufficient input sanitization and output...

6.4CVSS6.2AI score0.00249EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.8 views

PT-2024-38884 · WordPress · Elementor Website Builder

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions up to, and including, 3.25.7 Description: The issue is related to Stored Cross-Site Scripting via the url parameter of the Icon widget, caused by insufficient input sanitization and outp...

6.4CVSS6.1AI score0.00362EPSS
Exploits0References6
OSV
OSV
added 2024/10/05 2:15 a.m.3 views

CVE-2024-9385

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS5.9AI score0.0036EPSS
Exploits0References3
OSV
OSV
added 2024/09/17 9:15 a.m.3 views

CVE-2024-8761

The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users to potentially...

6.1CVSS5.8AI score0.00444EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.4 views

PT-2024-39234 · WordPress · Share This Image

Name of the Vulnerable Software and Affected Versions: Share This Image plugin for WordPress versions up to, and including, 2.03 Description: The issue is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to...

7.2CVSS7.1AI score0.00444EPSS
Exploits0References15
CVE
CVE
added 2024/09/13 3:10 p.m.48 views

CVE-2024-5867

CVE-2024-5867 describes a Stored Cross-Site Scripting in the Delicate theme for WordPress via the link parameter of the Button shortcode, affecting all versions up to and including 3.5.5. The issue requires Contributor-level access or higher to exploit and can cause script execution on page load....

6.4CVSS5.6AI score0.00286EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.6 views

PT-2024-37206 · WordPress · Delicate Theme For Wordpress

Name of the Vulnerable Software and Affected Versions: Delicate theme for WordPress versions up to, and including, 3.5.5 Description: The issue is related to Stored Cross-Site Scripting via the link parameter within the theme's Button shortcode due to insufficient input sanitization and output...

6.4CVSS6AI score0.00286EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.5 views

PT-2024-37209 · WordPress · Tweaker5

Name of the Vulnerable Software and Affected Versions: Tweaker5 theme for WordPress versions up to, and including, 1.2 Description: The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

6.4CVSS5.9AI score0.00257EPSS
Exploits0References7
OSV
OSV
added 2024/08/06 6:15 a.m.5 views

CVE-2024-5708

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...

5.4CVSS5.9AI score0.00248EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/02 12:0 a.m.8 views

PT-2024-37253 · WordPress · Boot Store

Name of the Vulnerable Software and Affected Versions: The Boot Store theme for WordPress versions up to, and including, 1.6.4 Description: The issue is related to Stored Cross-Site Scripting via the link parameter within the theme's Button shortcode due to insufficient input sanitization and...

6.4CVSS6.3AI score0.00308EPSS
Exploits0References6
OSV
OSV
added 2024/06/22 4:15 a.m.3 views

CVE-2024-5965

The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00257EPSS
Exploits0References2
Rows per page
Query Builder