Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.16 views

CVE-2026-1903

The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sbravelrydesigns' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/02/14 7:16 a.m.11 views

CVE-2026-1903

The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sbravelrydesigns' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS0.00245EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/14 6:42 a.m.3 views

CVE-2026-1903 Ravelry Designs Widget <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute

The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sbravelrydesigns' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS5.7AI score0.00245EPSS
Exploits0References4
CVE
CVE
added 2026/02/14 6:42 a.m.28 views

CVE-2026-1903

CVE-2026-1903 concerns the WordPress plugin Ravelry Designs Widget (versions up to 1.0.0). The vulnerability is a stored XSS via the shortcode attribute sb_ravelry_designs layout. Exploitation requires authenticated access at contributor level or higher, and would cause arbitrary scripts to run w...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/14 6:42 a.m.3 views

CVE-2026-1903

The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sbravelrydesigns' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/14 6:42 a.m.24 views

CVE-2026-1903 Ravelry Designs Widget <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute

The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sbravelrydesigns' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS0.00245EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.10 views

WordPress plugin Ravelry Designs Widget 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.6AI score0.00245EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.9 views

PT-2026-8079

The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sb ravelry designs' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/13 11:38 p.m.6 views

WordPress Ravelry Designs Widget plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'sbravelrydesigns' Shortcode 'layout' Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ravelry Designs Widget versions = 1.0.0...

6.4CVSS5.4AI score0.00245EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder