Lucene search
K

920 matches found

RedhatCVE
RedhatCVE
added 2025/03/28 5:39 p.m.7 views

CVE-2025-26566

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Frank In Stock Mailer for WooCommerce in-stock-mailer-for-woocommerce allows Reflected XSS.This issue affects In Stock Mailer for WooCommerce: from n/a through = 2.1.1...

7.1CVSS7.2AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/28 5:37 p.m.7 views

CVE-2025-26560

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KKWangen WP Contact Form III wp-contact-form-iii allows Reflected XSS.This issue affects WP Contact Form III: from n/a through = 1.6.2d...

7.1CVSS7.2AI score0.00363EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/28 5:36 p.m.6 views

CVE-2025-26546

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pixelpro Cookies Pro cookies-pro allows Reflected XSS.This issue affects Cookies Pro: from n/a through = 1.0...

7.1CVSS7.2AI score0.00363EPSS
Exploits0References1
NVD
NVD
added 2025/03/28 3:15 p.m.9 views

CVE-2025-22566

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extendyourweb ULTIMATE VIDEO GALLERY ultimate-gallery allows Reflected XSS.This issue affects ULTIMATE VIDEO GALLERY: from n/a through = 1.4...

7.1CVSS0.00226EPSS
Exploits0References1
NVD
NVD
added 2025/03/28 3:15 p.m.10 views

CVE-2025-22526

Deserialization of Untrusted Data vulnerability in mywebtonet PHP/MySQL CPU performance statistics mywebtonet-performancestats allows Object Injection.This issue affects PHP/MySQL CPU performance statistics: from n/a through = 1.2.1...

9.8CVSS0.00511EPSS
Exploits0References1
NVD
NVD
added 2025/03/28 3:15 p.m.21 views

CVE-2025-22523

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in scheduler Schedule schedule allows Blind SQL Injection.This issue affects Schedule: from n/a through = 1.0.0...

9.3CVSS0.00336EPSS
Exploits0References1
NVD
NVD
added 2025/03/28 3:15 p.m.8 views

CVE-2025-22360

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in promact WP Azure offload wp-azure-offload allows Reflected XSS.This issue affects WP Azure offload: from n/a through = 2.0...

7.1CVSS0.00226EPSS
Exploits0References1
NVD
NVD
added 2025/03/28 3:15 p.m.19 views

CVE-2024-54291

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in labs64 PluginPass pluginpass-pro-plugintheme-licensing allows Manipulating Web Input to File System Calls.This issue affects PluginPass: from n/a through = 0.9.10...

8.6CVSS0.00517EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/28 3:12 p.m.31 views

CVE-2025-22523 WordPress Schedule Plugin <= 1.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in scheduler Schedule schedule allows Blind SQL Injection.This issue affects Schedule: from n/a through = 1.0.0...

9.3CVSS0.00336EPSS
Exploits0References1
CVE
CVE
added 2025/03/28 3:12 p.m.49 views

CVE-2025-22360

CVE-2025-22360 is a reflected XSS in the WP Azure offload plugin (NotFound WP Azure offload) via improper input neutralization in web page generation. Affected: WP Azure offload versions up to 2.0 (no fixed version details provided in the supplied docs). CVSSv3.1 base score 7.1 (HIGH). No explici...

7.1CVSS7.2AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/28 3:12 p.m.25 views

CVE-2024-54291 WordPress PluginPass plugin <= 0.9.10 - Arbitrary File Download/Delete vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in labs64 PluginPass pluginpass-pro-plugintheme-licensing allows Manipulating Web Input to File System Calls.This issue affects PluginPass: from n/a through = 0.9.10...

8.6CVSS0.00517EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 3:16 p.m.17 views

CVE-2025-28939

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in EuroCizia WP Google Calendar Manager wp-gcalendar allows Blind SQL Injection.This issue affects WP Google Calendar Manager: from n/a through = 2.1...

8.5CVSS0.00523EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 3:16 p.m.13 views

CVE-2025-28934

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in chaozh Simple Post Series simple-post-series allows Reflected XSS.This issue affects Simple Post Series: from n/a through = 2.4.4...

7.1CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 3:16 p.m.10 views

CVE-2025-28921

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in homejunction SpatialMatch IDX spatialmatch-free-lifestyle-search allows Reflected XSS.This issue affects SpatialMatch IDX: from n/a through = 3.0.9...

7.1CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 3:16 p.m.16 views

CVE-2025-28916

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Rashid Docpro docpro allows PHP Local File Inclusion.This issue affects Docpro: from n/a through = 2.0.1...

9.8CVSS0.00835EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 3:16 p.m.11 views

CVE-2025-28898

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows SQL Injection.This issue affects WP Multistore Locator: from n/a through = 2.5.2...

9.3CVSS0.00556EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 3:16 p.m.8 views

CVE-2025-28903

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hectorgarrofe Driving Directions ddirections allows Reflected XSS.This issue affects Driving Directions: from n/a through = 1.4.4...

7.1CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 3:16 p.m.24 views

CVE-2025-28917

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in crazyloong Custom Smilies custom-smilies-se allows Stored XSS.This issue affects Custom Smilies: from n/a through = 2.9.2...

7.1CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 3:16 p.m.9 views

CVE-2025-28893

Improper Control of Generation of Code 'Code Injection' vulnerability in Govind Visual Text Editor visual-text-editor allows Remote Code Inclusion.This issue affects Visual Text Editor: from n/a through = 1.2.1...

9.9CVSS0.00717EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 3:16 p.m.17 views

CVE-2025-28889

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in starblank Custom Product Stickers for Woocommerce custom-product-stickers-for-woocommerce allows Reflected XSS.This issue affects Custom Product Stickers for Woocommerce: from n/a through = 1.9.0...

7.1CVSS0.00294EPSS
Exploits0References1
Rows per page
Query Builder