Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11870

Malware in sbrugna...

5.4CVSS5.5AI score0.00591EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-30564

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/22 6:23 p.m.11 views

CVE-2025-58241 WordPress SnapWidget Social Photo Feed Widget Plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in snapwidget SnapWidget Social Photo Feed Widget snapwidget-wp-instagram-widget allows DOM-Based XSS.This issue affects SnapWidget Social Photo Feed Widget: from n/a through = 1.1.0...

6.5CVSS0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/03 3:58 p.m.7 views

CVE-2025-31760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in snapwidget SnapWidget Social Photo Feed Widget snapwidget-wp-instagram-widget allows DOM-Based XSS.This issue affects SnapWidget Social Photo Feed Widget: from n/a through = 1.1.0...

6.5CVSS7.2AI score0.00331EPSS
Exploits0References1
CVE
CVE
added 2023/10/03 11:0 a.m.59 views

CVE-2023-25989

Summary: CVE-2023-25989 is a CSRF vulnerability reported across multiple Meks WordPress plugins (Audio Player, Time Ago, ThemeForest Smart Widget, Smart Author Widget, Easy Maps, Easy Photo Feed Widget, Simple Flickr Widget, Easy Ads Widget, Smart Social Widget, and related plugins). The flaw ena...

8.8CVSS6.4AI score0.00378EPSS
Exploits0References10Affected Software10
CVE
CVE
added 2022/03/14 2:41 p.m.85 views

CVE-2021-24958

CVE-2021-24958 affects the Meks Easy Photo Feed Widget WordPress plugin prior to version 1.2.4. Root cause: the meks_save_business_selected_account AJAX action lacks capability and CSRF checks and does not escape some settings, making it accessible to any authenticated user. Impact: any authentic...

5.4CVSS5.2AI score0.00591EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/03/14 2:41 p.m.16 views

CVE-2021-24958 Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS

The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the mekssavebusinessselectedaccount AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could...

5.5AI score0.00591EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/11/10 12:0 a.m.46 views

Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS

The plugin does not have capability and CSRF checks in the mekssavebusinessselectedaccount AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin's settings and put Cross-Site...

0.2AI score0.00591EPSS
Exploits2
Rows per page
Query Builder