Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-33642

Malicious code in bioql PyPI...

6.4CVSS8.7AI score0.00325EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-34247

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.0035EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2025/01/07 3:21 a.m.3 views

CVE-2024-11777 Sell Media <= 2.5.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sellmediasearchformgutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS5.8AI score0.00325EPSS
Exploits0References3
CVE
CVE
added 2025/01/07 3:21 a.m.45 views

CVE-2024-11777

CVE-2024-11777 concerns the WordPress Sell Media plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin’s sell_media_search_form_gutenberg shortcode caused by insufficient input sanitization and output escaping on user-provided attributes. It affects all versions up to and...

6.4CVSS5.7AI score0.00325EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.4 views

WordPress plugin Sell Media 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.6AI score0.00325EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/01/06 5:23 p.m.5 views

WordPress Sell Media plugin <= 2.5.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Sell Media versions = 2.5.8.5...

6.4CVSS5.7AI score0.00325EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/07/12 7:15 a.m.9 views

CVE-2021-4420

The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sellmediaprocess function. This makes it possible for unauthenticated attackers to sell media paypal orders via a...

4.3CVSS4.2AI score0.0035EPSS
Exploits0References9
OSV
OSV
added 2023/07/12 7:15 a.m.17 views

CVE-2021-4420

The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sellmediaprocess function. This makes it possible for unauthenticated attackers to sell media paypal orders via a...

4.3CVSS6.6AI score
Exploits0References9
OSV
OSV
added 2020/08/14 2:15 p.m.19 views

CVE-2019-6112

A Cross-site scripting XSS vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field...

6.1CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2020/08/14 2:15 p.m.15 views

CVE-2019-6112

A Cross-site scripting XSS vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field...

6.1CVSS6.1AI score0.09221EPSS
Exploits1References2
Prion
Prion
added 2020/08/14 2:15 p.m.18 views

Cross site scripting

A Cross-site scripting XSS vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field...

4.3CVSS6.1AI score0.09221EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/08/14 1:42 p.m.63 views

CVE-2019-6112

WordPress Sell Media plugin v2.4.1 contains a Cross-Site Scripting (XSS) vulnerability in /inc/class-search.php, exploitable via the keyword parameter (search_term) to inject arbitrary script/HTML. Several connected sources (nuclei template, PatchStack, WPVulnDB) confirm remote exploitation and u...

6.1CVSS6AI score0.09221EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/08/14 12:0 a.m.21 views

Sell Media < 2.4.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

A Cross-site scripting XSS vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field. PoC https://example.com/sell-media-search/?keyword="...

4.3CVSS3.6AI score0.09221EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder