Lucene search
K

10 matches found

NVD
NVD
added 2026/05/20 2:16 a.m.14 views

CVE-2026-6549

The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...

6.4CVSS0.00245EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.5 views

CVE-2026-6549

The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...

6.4CVSS6AI score0.00245EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.9 views

CVE-2026-6549 Logo Manager For Enamad <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute

The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...

6.4CVSS6AI score0.00245EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.42 views

CVE-2026-6549 Logo Manager For Enamad <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute

The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...

6.4CVSS0.00245EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/20 1:25 a.m.12 views

EUVD-2026-31042

The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...

6.4CVSS6AI score0.00245EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/19 12:11 p.m.9 views

WordPress Logo Manager For Enamad plugin <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Logo Manager For Enamad versions = 0.7.4...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/17 10:0 a.m.3 views

WordPress Logo Manager For Enamad plugin <= 0.7.1 - Admin+ Stored XSS via Widget vulnerability

Admin+ Stored XSS via Widget vulnerability discovered by Bob Matyas in WordPress Plugin Logo Manager For Enamad versions = 0.7.1...

5.7CVSS6AI score0.00315EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/09/17 6:15 a.m.2 views

CVE-2024-5170

The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00315EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/06/25 6:55 a.m.3 views

WordPress Logo Manager For Enamad plugin <= 0.7.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Logo Manager For Enamad versions = 0.7.0...

8.1CVSS6.2AI score0.00464EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/06/25 6:15 a.m.4 views

CVE-2024-4757

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

8.1CVSS5.8AI score0.00464EPSS
Exploits2References1
Rows per page
Query Builder