Lucene search
K

590 matches found

RedhatCVE
RedhatCVE
added 2025/12/06 5:54 a.m.5 views

CVE-2025-12368

The Sermon Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sermon-views shortcode in all versions up to, and including, 2.30.0. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticate...

6.4CVSS5AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/05 9:27 a.m.26 views

CVE-2025-13682 Trail Manager <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS0.0021EPSS
Exploits0References2
NVD
NVD
added 2025/12/05 6:16 a.m.6 views

CVE-2025-12368

The Sermon Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sermon-views shortcode in all versions up to, and including, 2.30.0. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticate...

6.4CVSS0.00194EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.5 views

WordPress plugin Trail Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

4.4CVSS5.7AI score0.0021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.7 views

PT-2025-49210

The Sermon Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sermon-views shortcode in all versions up to, and including, 2.30.0. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticate...

6.4CVSS5AI score0.00194EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.9 views

PT-2025-49238

The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS5AI score0.0021EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/28 4:48 p.m.6 views

WordPress Sermon Manager plugin <= 2.30.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Sermon Manager versions = 2.30.0...

5.3CVSS7AI score0.00185EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.6 views

CVE-2025-13382 Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming

The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...

4.3CVSS0.00198EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.6 views

WordPress plugin Pet-Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

6.4CVSS5.9AI score0.00205EPSS
Exploits0References6
CNVD
CNVD
added 2025/11/18 12:0 a.m.3 views

WordPress Booking Manager plugin cross-site scripting vulnerability

WordPress Booking Manager plugin is a tool for managing appointments and schedules, supporting features such as synchronization with external ICS calendars, importing events and exporting booking data. A cross-site scripting vulnerability exists in the WordPress Booking Manager plugin, which stem...

6.5CVSS6.3AI score0.00134EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/18 12:0 a.m.3 views

WordPress WP Manager plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress WP Manager plugin, which arises from a web application that does not adequately validate that a request is...

6.5CVSS6.8AI score0.00093EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/13 9:24 a.m.4 views

CVE-2025-64275 WordPress Booking Manager plugin <= 2.1.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through = 2.1.17...

6.5CVSS0.00134EPSS
Exploits0References1
NVD
NVD
added 2025/11/11 4:15 a.m.4 views

CVE-2025-12538

The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and abov...

4.4CVSS0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.4 views

PT-2025-46276

Name of the Vulnerable Software and Affected Versions Fleet Manager plugin for WordPress versions prior to 2.5.1 Description The Fleet Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allows...

4.4CVSS5.2AI score0.00215EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.4 views

WordPress plugin Fleet Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

4.4CVSS5.8AI score0.00215EPSS
Exploits0References2
CVE
CVE
added 2025/11/08 3:27 a.m.15 views

CVE-2025-12177

CVE-2025-12177 affects the WordPress Download Manager plugin (versions ≤ 3.3.30). The root cause is a hardcoded Cron key that enables unauthenticated triggering of deleteExpired() and clearTempDataCPCron(). This can lead to deletion of expired posts and clearing of cache. The vulnerability is con...

5.3CVSS5.7AI score0.00219EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/06 3:55 p.m.11 views

CVE-2025-60245 WordPress WP User Manager plugin <= 2.9.12 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through = 2.9.12...

9.8CVSS0.00476EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.5 views

WordPress plugin EM Beer Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

8.8CVSS7.6AI score0.00582EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/10/31 5:31 p.m.14 views

Ansible does not collect garbage after playbook run

A flaw was found in Ansible Base when using the awsssm connection plugin as its garbage collector is not happening after the playbook run is completed. Files would remain in the bucket exposing the data. This issue directly affects data confidentiality...

5.5CVSS5.1AI score0.00319EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2025/10/23 4:17 p.m.9 views

CVE-2025-62169

OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...

8.1CVSS0.00433EPSS
Exploits0References4
Rows per page
Query Builder