Lucene search
K

31 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.12 views

CVE-2026-5357

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' parameter of the 'wpdmmembers' shortcode in versions up to and including 3.3.52. This is due to insufficient input sanitization and output escaping on the user-supplied 'sid' shortcode attribute...

6.4CVSS5.7AI score0.00302EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 6:46 a.m.9 views

CVE-2026-6405 Anomify AI <= 0.3.6 - Cross-Site Request Forgery

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...

4.3CVSS6AI score0.00168EPSS
Exploits0References7
NVD
NVD
added 2026/04/22 9:16 a.m.4 views

CVE-2026-2719

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.0029EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

WordPress plugin List category posts 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

6.4CVSS5.7AI score0.00271EPSS
Exploits0References3
NVD
NVD
added 2026/03/21 4:17 a.m.7 views

CVE-2026-3347

The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...

5.5CVSS0.0026EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.3 views

CVE-2025-14452 WP Customer Reviews <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter

The WP Customer Reviews plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpcr3fname' parameter in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.8AI score0.00255EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.5 views

WordPress plugin SlimStat Analytics 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

7.2CVSS6AI score0.00247EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.9 views

Joomla! 3.9.x < 5.4.2 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.9.x prior to 5.4.2, or 6.x prior to 6.0.2. It is, therefore, affected by multiple vulnerabilities. - Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in...

8.4CVSS6.8AI score0.00175EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.9 views

CVE-2024-2186

The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Members widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 12:9 p.m.4 views

CVE-2025-12965

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

6.4CVSS5AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/03 2:2 p.m.8 views

CVE-2025-13731

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nxt-year' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/12 3:47 a.m.17 views

CVE-2025-12590

The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...

6.1CVSS4.8AI score0.00126EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2025-24198

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00232EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/23 4:25 a.m.10 views

CVE-2025-9131 Ogulo – 360° Tour <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter

The Ogulo – 360° Tour plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS0.00231EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/04 9:33 a.m.11 views

CVE-2025-8400

The Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...

6.1CVSS6.7AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:57 a.m.5 views

CVE-2025-0350

The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on us...

6.4CVSS5.8AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:5 a.m.4 views

CVE-2024-5060

The LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

6.4CVSS6AI score0.00353EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:2 a.m.5 views

CVE-2024-4896

The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS6AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/17 2:13 a.m.18 views

CVE-2025-4579

The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS6.1AI score0.00301EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 9:15 a.m.12 views

CVE-2025-2009

The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logging functionality in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS0.00326EPSS
Exploits0References3
Rows per page
Query Builder