Lucene search
K

72 matches found

EUVD
EUVD
added 2026/03/07 3:30 a.m.6 views

EUVD-2026-10104

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS5.9AI score0.00187EPSS
Exploits0References5
NVD
NVD
added 2026/02/19 10:16 a.m.5 views

CVE-2026-2716

The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00189EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/19 7:28 a.m.6 views

CVE-2026-1943

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop...

4.4CVSS5.7AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2026/02/18 10:16 a.m.4 views

CVE-2025-13727

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

4.4CVSS0.00274EPSS
Exploits0References6
NVD
NVD
added 2026/02/18 8:16 a.m.5 views

CVE-2026-1943

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop...

4.4CVSS0.00264EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/14 6:42 a.m.3 views

CVE-2026-0735

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tabcolorpickerlanguageswitch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.6AI score0.00237EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/29 9:24 a.m.10 views

CVE-2026-1083

The Appointment Hour Booking – Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form field configuration parameters in all versions up to, and including, 1.5.60 due to insufficient input sanitization and output escaping on the 'Min length/characters' and 'Max...

4.4CVSS5.9AI score0.00262EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 6:16 a.m.6 views

CVE-2026-1045

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS0.00189EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/20 5:30 a.m.3 views

CVE-2026-1045

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.5AI score0.00189EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/15 6:21 a.m.5 views

CVE-2025-15021

The Gotham Block Extra Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5AI score0.00189EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.5 views

PT-2026-2826

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...

4.4CVSS5AI score0.00237EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.17 views

CVE-2021-41263

railsmultisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using railsmultisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker t...

8.8CVSS6.7AI score0.00608EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/31 12:5 p.m.5 views

CVE-2025-14509

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

7.2CVSS6.8AI score0.00541EPSS
Exploits0References1
NVD
NVD
added 2025/12/30 12:15 p.m.4 views

CVE-2025-14509

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

7.2CVSS0.00541EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.5 views

PT-2025-53921

Name of the Vulnerable Software and Affected Versions Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress versions up to and including 1.1.13 Description The software contains a PHP Code Injection issue stemming from the use of eval to process user-provided input from the 'Conditional...

7.2CVSS7.3AI score0.00541EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/12/05 9:27 a.m.4 views

CVE-2025-13682 Trail Manager <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS4.7AI score0.0021EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.2 views

CVE-2025-12019 Featured Image <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS4.7AI score0.00428EPSS
Exploits1References7
EUVD
EUVD
added 2025/11/01 6:30 a.m.5 views

EUVD-2025-37411

The CSS & JavaScript Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 12.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS4.6AI score0.00173EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/22 6:40 a.m.6 views

EUVD-2025-35324

The Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'proversionactivationcode' parameter in all versions up to, and including, 3.0.10 due to insufficient inp...

4.4CVSS4.7AI score0.00173EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-54181

Malicious code in bioql PyPI...

7.2CVSS9.2AI score0.00372EPSS
Exploits0References2
Rows per page
Query Builder