Lucene search
K

271 matches found

EUVD
EUVD
added 2025/12/03 1:52 p.m.7 views

EUVD-2025-200973

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "createimgpreloadtag" function...

6.4CVSS4.6AI score0.00271EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/03 1:52 p.m.6 views

CVE-2025-13401 Autoptimize <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "createimgpreloadtag" function...

6.4CVSS4.7AI score0.00271EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/03 1:52 p.m.20 views

CVE-2025-13401 Autoptimize <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "createimgpreloadtag" function...

6.4CVSS0.00271EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.12 views

PT-2025-48810

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "create img preload tag" function...

6.4CVSS5AI score0.00271EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/12 3:47 a.m.14 views

CVE-2025-12658

The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS5AI score0.00193EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 6:30 a.m.6 views

EUVD-2025-60935

The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS4.7AI score0.00193EPSS
Exploits0References4
NVD
NVD
added 2025/11/11 4:15 a.m.7 views

CVE-2025-12658

The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS0.00193EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.12 views

CVE-2025-12658 Preload Current Images <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS0.00193EPSS
Exploits0References3
CVE
CVE
added 2025/11/11 3:30 a.m.22 views

CVE-2025-12658

CVE-2025-12658 affects the WordPress plugin Preload Current Images (versions up to 1.3). The vulnerability is a Stored Cross‑Site Scripting (XSS) via the complete parameter in the preload_progress_bar shortcode, caused by insufficient input sanitization and output escaping of user-supplied attrib...

6.4CVSS4.8AI score0.00193EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.4 views

CVE-2025-12658 Preload Current Images <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS4.8AI score0.00193EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.7 views

PT-2025-46286

Name of the Vulnerable Software and Affected Versions Preload Current Images plugin for WordPress versions prior to 1.4 Description The Preload Current Images plugin for WordPress is susceptible to Stored Cross-Site Scripting through the complete parameter within the 'preload progress bar'...

6.4CVSS5.2AI score0.00193EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.8 views

WordPress plugin Preload Current Images 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00193EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/10 10:44 p.m.7 views

WordPress Preload Current Images plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Preload Current Images versions = 1.3...

6.4CVSS5.5AI score0.00193EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2025/11/01 2:49 p.m.581 views

Exploit for CVE-2015-1328

CVE-2015-1328 Proof of Concept A Proof of Concept PoC explo...

7.8CVSS7.3AI score0.37679EPSS
Exploits22
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-3886

Malware in sbrugna...

7.2CVSS6.6AI score0.00536EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2016-6086

Malware in sbrugna...

6.5CVSS7.9AI score0.01604EPSS
Exploits0References19
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-7874

Malware in sbrugna...

7.8CVSS7.7AI score0.01057EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987252)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987252 advisory. In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading csssets for migration Each cset cssset is pinn...

7.8CVSS5.7AI score0.00281EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414616)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414616 advisory. An issue was discovered in the Linux kernel before 5.11.11. The user mode driver UMD has a copyprocess memory leak, related to a lack of cleanup steps in...

5.5CVSS6.5AI score0.00305EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/21 7:24 p.m.27 views

CVE-2025-34190

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 macOS/Linux client deployments are vulnerable to an authentication bypass in PrinterInstallerClientService. The service requires root privileges for certain...

8.5CVSS7.3AI score0.00403EPSS
Exploits1References1
Rows per page
Query Builder