
154 matches found

RedhatCVE
added 2025/05/23 3:18 a.m. · 4 views

CVE-2023-2797

Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel...

CVSS 6.5 · AI score 7.1 · EPSS 0.00468
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 7:34 a.m. · 7 views

CVE-2019-15835

The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF...

CVSS 8.8 · AI score 7.1 · EPSS 0.00704
Exploits: 0 · References: 1

RedhatCVE
added 2025/04/25 4:52 p.m. · 8 views

CVE-2025-27346

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gerrygooner Rebuild Permalinks rebuild-permalinks allows Reflected XSS. This issue affects Rebuild Permalinks: from n/a through <= 1.6...

CVSS 7.1 · AI score 7.2 · EPSS 0.00235
Exploits: 0 · References: 1

NVD
added 2025/04/17 4:15 p.m. · 2 views

CVE-2025-27346

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gerrygooner Rebuild Permalinks rebuild-permalinks allows Reflected XSS. This issue affects Rebuild Permalinks: from n/a through <= 1.6...

CVSS 7.1 · EPSS 0.00235
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/17 3:47 p.m. · 4 views

CVE-2025-27346 WordPress Rebuild Permalinks Plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gerrygooner Rebuild Permalinks rebuild-permalinks allows Reflected XSS. This issue affects Rebuild Permalinks: from n/a through <= 1.6...

CVSS 7.1 · AI score 8.6 · EPSS 0.00235
Exploits: 0 · References: 1

CVE
added 2025/04/17 3:47 p.m. · 40 views

CVE-2025-27346

CVE-2025-27346 concerns a Reflected XSS in the WordPress plugin Rebuild Permalinks (builds/permalink generation). The vulnerability targets the plugin’s rebuild-permalinks flow and is described as an improper neutralization of input during web page generation. Affected scope: Rebuild Permalinks v...

CVSS 7.1 · AI score 7.2 · EPSS 0.00235
Exploits: 0 · References: 1

CNNVD
added 2025/04/17 12:00 a.m. · 3 views

WordPress plugin Rebuild Permalinks cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 7.1 · AI score 8.2 · EPSS 0.00235
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/17 12:00 a.m. · 2 views

PT-2025-17076 · Unknown · Rebuild Permalinks

Name of the Vulnerable Software and Affected Versions: Rebuild Permalinks versions n/a through 1.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables potential attackers to...

CVSS 7.1 · AI score 8.9 · EPSS 0.00235
Exploits: 0 · References: 4

SUSE CVE
added 2025/03/29 3:03 a.m. · 2 views

SUSE CVE-2025-27715

Mattermost versions 9.11.x = 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them...

CVSS 2.7 · AI score 6.9 · EPSS 0.00201
Exploits: 0 · References: 3

Patchstack
added 2025/02/21 12:00 a.m. · 2 views

WordPress Rebuild Permalinks Plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Rebuild Permalinks versions <= 1.6...

CVSS 7.1 · AI score 6.1 · EPSS 0.00235
Exploits: 0 · Affected Software: 1

GitHub Security Blog
added 2024/09/26 9:31 a.m. · 23 views

Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events

Mattermost does not strip embeds from metadata when broadcasting posted events. This allows users to include arbitrary embeds in posts, which are then broadcasted via websockets. This can be exploited in many ways, for example to create permalinks with fully customizable content or to trigger a...

CVSS 6.5 · AI score 6.9 · EPSS 0.00577
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2024/09/26 9:31 a.m. · 7 views

GHSA-59HF-MPF8-PQJH Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events

Mattermost does not strip embeds from metadata when broadcasting posted events. This allows users to include arbitrary embeds in posts, which are then broadcasted via websockets. This can be exploited in many ways, for example to create permalinks with fully customizable content or to trigger a...

CVSS 5.4 · AI score 5.2 · EPSS 0.00577
Exploits: 0 · References: 6

Patchstack
added 2024/08/26 3:18 a.m. · 4 views

WordPress Custom Permalinks plugin <= 2.6.0 - Authenticated(Editor+) Stored Cross-Site Scripting vulnerability

Authenticated (Editor+) Stored Cross-Site Scripting vulnerability discovered by Ram in WordPress Plugin Custom Permalinks versions <= 2.6.0...

CVSS 5.4 · AI score 5.8 · EPSS 0.00303
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/08/26 12:00 a.m. · 12 views

WordPress Custom Permalinks Plugin <= 2.6.0 is vulnerable to Cross Site Scripting (XSS)

Software: Custom Permalinks; Type: Plugin; Vulnerable versions: <= 2.6.0; Fixed in: 2.7.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0926; Patch priority: Low; CVSS severity: Low (5.9); PSID: 85e376d90fe6; Credits: Ram; Required privilege...

CVSS 5.4 · AI score 5.8 · EPSS 0.00303
Exploits: 0 · References: 3 · Affected Software: 1

ATTACKERKB
added 2024/08/24 2:15 a.m. · 1 view

CVE-2023-0926

The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names. This allows authenticated users, with editor-level permissions or greater to inject arbitrary we...

CVSS 5.4 · AI score 6 · EPSS 0.00303
Exploits: 0 · References: 6

OSV
added 2024/08/24 2:15 a.m. · 7 views

CVE-2023-0926

The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names. This allows authenticated users, with editor-level permissions or greater to inject arbitrary we...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 5

CVE
added 2024/08/24 2:02 a.m. · 56 views

CVE-2023-0926

CVE-2023-0926 describes a Stored XSS vulnerability in the WordPress plugin Custom Permalinks. Affected versions are

CVSS 5.4 · AI score 4.5 · EPSS 0.00303
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2024/08/23 12:00 a.m. · 5 views

PT-2024-11930 · WordPress · Custom Permalinks

Name of the Vulnerable Software and Affected Versions: Custom Permalinks plugin for WordPress versions up to and including 2.6.0 Description: The issue is related to insufficient input sanitization and output escaping on tag names, allowing authenticated users with editor-level permissions or...

CVSS 5.4 · AI score 7 · EPSS 0.00303
Exploits: 0 · References: 13

OSV
added 2024/04/09 7:15 p.m. · 2 views

CVE-2024-2543

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...

CVSS 4.3 · AI score 7.3 · EPSS 0.00623
Exploits: 1 · References: 3

CNNVD
added 2024/04/09 12:00 a.m. · 3 views

WordPress Plugin Permalink security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...

CVSS 4.3 · AI score 8.3 · EPSS 0.00623
Exploits: 1 · References: 4