Lucene search
K

6279 matches found

Circl
Circl
added 2025/12/13 7:3 a.m.5 views

CVE-2025-10738

creationtimestamp| type| source ---|---|--- 2025-12-13 07:03:22+00:00| seen| https://infosec.exchange/users/offseq/statuses/115710977696604993 2025-12-13 07:03:23+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3m7tzwnt5rw2g 2025-12-13 11:25:30+00:00| seen|...

9.8CVSS4.9AI score0.00354EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/13 4:31 a.m.5 views

CVE-2025-9218 rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handlerestpredispatch function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to...

3.7CVSS5.5AI score0.0023EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/13 4:31 a.m.30 views

CVE-2025-9218 rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handlerestpredispatch function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to...

3.7CVSS0.0023EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/13 4:31 a.m.25 views

CVE-2025-14288 Gallery Blocks with Lightbox <= 3.3.0 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification

The Gallery Blocks with Lightbox. Image Gallery, HTML5 video , YouTube, Vimeo Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to unauthorized modification of plugin settings in all versions up to, and including, 3.3.0. This is due to the plugin using the editposts...

4.3CVSS0.0019EPSS
Exploits0References3
NVD
NVD
added 2025/12/12 12:15 p.m.8 views

CVE-2025-12965

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

6.4CVSS0.00185EPSS
Exploits0References3
Circl
Circl
added 2025/12/12 11:16 a.m.5 views

CVE-2025-12835

creationtimestamp| type| source ---|---|--- 2025-12-12 11:16:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7rxmw3kmx2o 2025-12-12 11:39:23+00:00| seen| https://gist.github.com/Darkcrai86/d0c8b5915c574f601755cd9b61e0fc7a...

7.3CVSS5.8AI score0.00243EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/12 11:15 a.m.25 views

CVE-2025-12965 Magical Posts Display <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

6.4CVSS0.00185EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/12 11:15 a.m.4 views

EUVD-2025-203075

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

6.4CVSS4.6AI score0.00185EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/12 11:15 a.m.4 views

CVE-2025-12965 Magical Posts Display <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

6.4CVSS4.7AI score0.00185EPSS
Exploits0References3
CVE
CVE
added 2025/12/12 11:15 a.m.15 views

CVE-2025-12965

CVE-2025-12965 refers to the Magical Posts Display – Elementor Advanced Posts widgets plugin. The Wordfence intelligence entry confirms a stored XSS via the mpac_title_tag parameter in the Magical Posts Accordion widget, affecting all versions up to and including 1.2.54. Root cause: insufficient ...

6.4CVSS4.7AI score0.00185EPSS
Exploits0References3
Circl
Circl
added 2025/12/12 4:34 a.m.3 views

CVE-2025-12963

creationtimestamp| type| source ---|---|--- 2025-12-12 04:34:36+00:00| seen| https://infosec.exchange/users/offseq/statuses/115704730410222311 2025-12-12 04:34:37+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3m7rb5pqz5r2j 2025-12-12 05:25:47+00:00| seen|...

9.8CVSS5.3AI score0.00311EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/12 4:13 a.m.4 views

CVE-2025-10163

The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘startingwith’ parameter of the catlist shortcode in all versions up to, and including, 0.91.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS6.6AI score0.00286EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/12 12:30 a.m.7 views

WordPress Magical Posts Display plugin <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Magical Posts Display versions = 1.2.54...

6.4CVSS5.5AI score0.00185EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.5 views

WordPress plugin Magical Posts Display 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.7AI score0.00185EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.9 views

PT-2025-50912

The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumber duplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...

5.3CVSS5.5AI score0.00204EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.5 views

PT-2025-50922

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpac title tag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag...

6.4CVSS5AI score0.00185EPSS
Exploits0References3
CVE
CVE
added 2025/12/11 5:52 p.m.15 views

CVE-2025-14046

CVE-2025-14046 affects GitHub Enterprise Server; improper input neutralization allows user-supplied HTML to inject DOM elements with conflicting IDs, shadowing server-initialized data islands and causing unintended server-side POST requests or other unauthorized backend interactions. Exploitation...

8.6CVSS6AI score0.0032EPSS
Exploits0References5Affected Software1
Circl
Circl
added 2025/12/11 8:47 a.m.7 views

CVE-2025-64701

creationtimestamp| type| source ---|---|--- 2025-12-11 08:47:59+00:00| seen| https://bsky.app/profile/potato.software/post/3m7p6tu3pdm24 2025-12-11 08:55:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7p7bpcuoo2e 2025-12-11 09:33:16+00:00| seen|...

8.5CVSS7.6AI score0.00112EPSS
Exploits0References4
NVD
NVD
added 2025/12/11 4:15 a.m.7 views

CVE-2025-10163

The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘startingwith’ parameter of the catlist shortcode in all versions up to, and including, 0.91.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00286EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/11 3:27 a.m.8 views

EUVD-2025-202663

The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘startingwith’ parameter of the catlist shortcode in all versions up to, and including, 0.91.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS6.1AI score0.00286EPSS
Exploits0References3
Rows per page
Query Builder