Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:31 a.m.8 views

CVE-2023-25484

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Oliver Schlöbe Simple Yearly Archive plugin = 2.1.8 versions...

5.9CVSS5.6AI score0.00369EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-29439

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2023/04/25 5:15 p.m.1 views

CVE-2023-25484

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Oliver Schlöbe Simple Yearly Archive plugin = 2.1.8 versions...

4.8CVSS6.6AI score0.00369EPSS
Exploits0References1
NVD
NVD
added 2023/04/25 5:15 p.m.19 views

CVE-2023-25484

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Oliver Schlöbe Simple Yearly Archive plugin = 2.1.8 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
Prion
Prion
added 2023/04/25 5:15 p.m.19 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Oliver Schlöbe Simple Yearly Archive plugin = 2.1.8 versions...

4.3CVSS4.8AI score0.00369EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/25 4:50 p.m.32 views

CVE-2023-25484

CVE-2023-25484 affects the WordPress plugin Simple Yearly Archive (Oliver Schlöbe) up to version 2.1.8. It is a Stored XSS vulnerability that requires admin+ authentication to exploit. Public sources specify the vulnerable component as the plugin’s code handling user input, with the impact descri...

5.9CVSS4.9AI score0.00369EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.4 views

WordPress plugin Simple Yearly Archive跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/02/15 12:0 a.m.13 views

WordPress Simple Yearly Archive Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Software Simple Yearly Archive Type Plugin Vulnerable versions = 2.1.8 Fixed in 2.1.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25484 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ee23c5ebc5db Credits Rio Darmawan...

5.9CVSS5.8AI score0.00369EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/13 12:0 a.m.22 views

Simple Yearly Archive < 2.1.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00369EPSS
Exploits0Affected Software1
Rows per page
Query Builder