Lucene search
K

4518 matches found

Vulnrichment
Vulnrichment
added 2026/01/22 9:40 p.m.2 views

CVE-2025-14750 External Control of Assumed-Immutable Web Parameter in Weintek cMT X Series HMI EasyWeb Service

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges...

8.7CVSS5.9AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/21 6:33 a.m.13 views

CVE-2025-12573

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data...

6.5CVSS5.4AI score0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 6:16 a.m.5 views

CVE-2025-12573

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data...

6.5CVSS0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 6:0 a.m.4 views

CVE-2025-12573

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data...

6.5CVSS5.4AI score0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.5 views

PT-2026-3540

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data...

5.4AI score0.00174EPSS
Exploits0References2
NVD
NVD
added 2026/01/16 12:16 a.m.5 views

CVE-2021-47779

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the...

8.4CVSS0.00309EPSS
Exploits1References4
OSV
OSV
added 2026/01/16 12:16 a.m.4 views

CVE-2021-47779

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the...

8.4CVSS5.8AI score
Exploits0References4
OSV
OSV
added 2026/01/16 12:16 a.m.6 views

UBUNTU-CVE-2021-47779

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the...

8.4CVSS5.7AI score0.00309EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/01/15 11:25 p.m.1 views

CVE-2021-47779

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the...

8.4CVSS5.1AI score0.00309EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/01/15 11:25 p.m.28 views

CVE-2021-47779 Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the...

8.4CVSS0.00309EPSS
Exploits1References4
CVE
CVE
added 2026/01/15 11:25 p.m.17 views

CVE-2021-47779

Dolibarr ERP-CRM 14.0.2 is affected by a stored cross-site scripting (XSS) vulnerability in the ticket creation module. The issue allows a low-privilege user to inject JavaScript that can be executed when an administrator copies the crafted ticket text, with potential privilege escalation. Techni...

8.4CVSS5.7AI score0.00309EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.4 views

CVE-2023-4798

The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks...

5.4CVSS5.9AI score0.00394EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.13 views

CVE-2023-4811

The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.7AI score0.00394EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.10 views

CVE-2023-4060

The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00399EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.8 views

CVE-2023-4290

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...

6.1CVSS6.2AI score0.0042EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.10 views

CVE-2023-4254

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00408EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.8 views

CVE-2023-4250

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.0042EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.7 views

CVE-2023-4810

The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00436EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:55 a.m.10 views

CVE-2022-23987

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6AI score0.00588EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.10 views

CVE-2022-23179

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6AI score0.00536EPSS
Exploits2References1
Rows per page
Query Builder