Lucene search
K

587 matches found

Patchstack
Patchstack
added 2025/07/29 5:18 p.m.4 views

WordPress Anchor smooth scroll plugin <= 1.0.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Anchor smooth scroll versions = 1.0.2...

8.2CVSS7AI score0.00415EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/07/18 5:24 a.m.16 views

CVE-2025-5752 Vertical scroll image slideshow gallery <= 11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter

The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00218EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/18 12:0 a.m.9 views

WordPress plugin Vertical scroll image slideshow gallery cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS5.4AI score0.00218EPSS
Exploits0References4
OSV
OSV
added 2025/07/08 11:50 p.m.7 views

MAL-2025-5723 Malicious code in react-router-scroll-navar (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e8e2c3b7417b2b59415f2f9ce55b82be6594510752b41c70e05cb8fff7fb243 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2025/07/04 2:15 p.m.5 views

UBUNTU-CVE-2025-38213

In the Linux kernel, the following vulnerability has been resolved: vgacon: Add check for vcorigin address range in vgaconscroll Our in-house Syzkaller reported the following BUG twice, which we believed was the same issue with 1: ==================================================================...

6.2AI score
Exploits0References11
OSV
OSV
added 2025/06/26 2:15 a.m.3 views

CVE-2025-5488

The WP Masonry & Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wmis' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS6AI score0.00204EPSS
Exploits0References3
CVE
CVE
added 2025/06/26 1:44 a.m.27 views

CVE-2025-5488

CVE-2025-5488 affects the WordPress plugin WP Masonry & Infinite Scroll. The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin’s wmis shortcode, present in all versions up to and including 2.2, caused by insufficient input sanitization and output escaping on user-supplied attribu...

6.4CVSS5.8AI score0.00204EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.4 views

WordPress plugin WP Masonry & Infinite Scroll 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00204EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/23 8:39 a.m.7 views

CVE-2025-52782

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in King Rayhan Scroll UP scroll-to-up allows Reflected XSS.This issue affects Scroll UP: from n/a through = 2.0...

7.1CVSS5.9AI score0.00185EPSS
Exploits0References1
NVD
NVD
added 2025/06/20 3:15 p.m.5 views

CVE-2025-52782

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in King Rayhan Scroll UP scroll-to-up allows Reflected XSS.This issue affects Scroll UP: from n/a through = 2.0...

7.1CVSS0.00185EPSS
Exploits0References1
CVE
CVE
added 2025/06/20 3:3 p.m.19 views

CVE-2025-52782

CVE-2025-52782 affects WordPress plugin Scroll UP (versions n/a through 2.0). It is a Cross-Site Scripting (Reflected XSS) vulnerability arising from improper input neutralization during web page generation. The provided sources list a CVSS v3.1 base score of 7.1 ( HIGH ) and indicate the vulnera...

7.1CVSS5.9AI score0.00185EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/20 3:3 p.m.4 views

CVE-2025-52782 WordPress Scroll UP plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in King Rayhan Scroll UP allows Reflected XSS. This issue affects Scroll UP: from n/a through 2.0...

7.1CVSS6.9AI score0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/20 3:3 p.m.14 views

CVE-2025-52782 WordPress Scroll UP plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in King Rayhan Scroll UP scroll-to-up allows Reflected XSS.This issue affects Scroll UP: from n/a through = 2.0...

7.1CVSS0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.7 views

PT-2025-26414 · Unknown · King Rayhan Scroll Up

Name of the Vulnerable Software and Affected Versions: King Rayhan Scroll UP versions n/a through 2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables potential attackers ...

7.1CVSS5.6AI score0.00185EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/06/20 12:0 a.m.5 views

WordPress plugin Scroll UP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS5.9AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/19 3:20 p.m.9 views

CVE-2025-49451

Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through...

7.5CVSS5.9AI score0.00448EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/19 2:26 a.m.9 views

CVE-2025-4775

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.7AI score0.00186EPSS
Exploits0References1
NVD
NVD
added 2025/06/17 3:15 p.m.6 views

CVE-2025-49451

Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through...

7.5CVSS0.00448EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/06/17 3:1 p.m.4 views

CVE-2025-49451

Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through...

7.5CVSS5.2AI score0.00448EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/17 1:44 a.m.22 views

CVE-2025-4775 WordPress Infinite Scroll – Ajax Load More <= 7.4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00186EPSS
Exploits0References2
Rows per page
Query Builder