Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:59 a.m.9 views

CVE-2024-10815

The PostLists WordPress plugin through 2.0.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

4.2CVSS6.2AI score0.0027EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/01/09 7:51 a.m.4 views

WordPress PostLists plugin <= 2.0.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin PostLists versions = 2.0.2...

4.2CVSS6.4AI score0.0027EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/01/09 6:15 a.m.3 views

CVE-2024-10815

The PostLists WordPress plugin through 2.0.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

4.2CVSS5.8AI score0.0027EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/09 6:0 a.m.5 views

CVE-2024-10815 PostLists <= 2.0.2 - Reflected XSS

The PostLists WordPress plugin through 2.0.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.2AI score0.0027EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/09 6:0 a.m.14 views

CVE-2024-10815 PostLists <= 2.0.2 - Reflected XSS

The PostLists WordPress plugin through 2.0.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

0.0027EPSS
Exploits1References1
CVE
CVE
added 2025/01/09 6:0 a.m.43 views

CVE-2024-10815

CVE-2024-10815 pertains to the PostLists WordPress plugin (up to 2.0.2). The issue arises because the plugin does not escape the $_SERVER['REQUEST_URI'] value before echoing it into an HTML attribute, enabling a Reflected XSS in older browsers. Affected plugin: PostLists (WordPress). Root cause: ...

4.2CVSS5.9AI score0.0027EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.3 views

PT-2025-1608 · WordPress · Postlists

Name of the Vulnerable Software and Affected Versions: PostLists WordPress plugin versions 2.0.2 and earlier Description: The issue is related to the PostLists WordPress plugin, which does not properly escape the $ SERVER'REQUEST URI' parameter before outputting it back in an attribute. This coul...

4.2CVSS8.6AI score0.0027EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.4 views

WordPress plugin PostLists 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.2CVSS7.7AI score0.0027EPSS
Exploits1References1
Rows per page
Query Builder