Lucene search
K

9014 matches found

Patchstack
Patchstack
added 2025/02/20 11:41 p.m.3 views

WordPress WP-Appbox plugin <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via appbox Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via appbox Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WP-Appbox versions = 4.5.4...

6.4CVSS5.8AI score0.00278EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/20 11:29 p.m.4 views

WordPress Pie Calendar plugin <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via piecal Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via piecal Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Pie Calendar versions = 1.2.5...

6.4CVSS5.8AI score0.00272EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/20 5:52 p.m.4 views

WordPress Newpost Catch plugin <= 1.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via npc Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via npc Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Newpost Catch versions = 1.3.19...

6.4CVSS5.8AI score0.00278EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/20 3:26 p.m.5 views

CVE-2024-13689

The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

6.3CVSS7.3AI score0.00422EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/20 11:23 a.m.16 views

CVE-2024-13797

The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. This is due to the software allowing users to execute an action that does not properly validate a value before running...

9.8CVSS7.6AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2025/02/20 10:15 a.m.1 views

CVE-2024-13792

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcod...

9.8CVSS7.6AI score0.00502EPSS
Exploits0References2
NVD
NVD
added 2025/02/20 10:15 a.m.10 views

CVE-2024-13792

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcod...

9.8CVSS0.00502EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/20 9:21 a.m.15 views

CVE-2024-13792 WooCommerce Food - Restaurant Menu & Food ordering <= 3.3.2 - Unauthenticated Arbitrary Shortcode Execution via ids

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcod...

7.3CVSS0.00502EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/20 9:21 a.m.7 views

CVE-2024-13792 WooCommerce Food - Restaurant Menu & Food ordering <= 3.3.2 - Unauthenticated Arbitrary Shortcode Execution via ids

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcod...

7.3CVSS7.4AI score0.00502EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/20 9:21 a.m.5 views

CVE-2024-13855 Prime Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Insecure Direct Object Reference via pae_global_block Shortcode

The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the paeglobalblock shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS4.4AI score0.00309EPSS
Exploits0References2
NVD
NVD
added 2025/02/20 9:15 a.m.5 views

CVE-2025-1064

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xooelaction shortcode in all versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS0.00258EPSS
Exploits0References2
OSV
OSV
added 2025/02/20 9:15 a.m.5 views

CVE-2025-0897

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS7.4AI score0.00284EPSS
Exploits0References4
OSV
OSV
added 2025/02/20 9:15 a.m.3 views

CVE-2025-1064

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xooelaction shortcode in all versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

5.4CVSS5.9AI score0.00258EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/20 8:22 a.m.12 views

CVE-2025-0897 Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00284EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/20 8:22 a.m.6 views

CVE-2025-1064 Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xooelaction shortcode in all versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.8AI score0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/20 4:32 a.m.7 views

CVE-2024-13582

The Simple Pricing Tables For WPBakery Page BuilderFormerly Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdosimplepricingtablefree' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/20 12:0 a.m.25 views

PT-2025-7475 · WordPress · Modal Window

Name of the Vulnerable Software and Affected Versions: The Modal Window plugin for WordPress versions up to, and including, 6.1.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS8AI score0.00284EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/02/20 12:0 a.m.3 views

WordPress plugin Embed Any Document 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

6.4CVSS8.9AI score0.00276EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/20 12:0 a.m.4 views

WordPress plugin Content Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS8.1AI score0.00284EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/20 12:0 a.m.4 views

WordPress plugin Modal Window 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS8.1AI score0.00284EPSS
Exploits0References4
Rows per page
Query Builder