Lucene search
K

577 matches found

NVD
NVD
added 2026/01/16 7:16 p.m.4 views

CVE-2021-47841

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...

6.1CVSS0.00378EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/16 7:9 p.m.21 views

CVE-2021-47841 SnipCommand 0.1.0 - Persistent Cross-Site Scripting

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...

6.1CVSS0.00378EPSS
Exploits0References4
CVE
CVE
added 2026/01/16 7:9 p.m.14 views

CVE-2021-47841

CVE-2021-47841 affects SnipCommand 0.1.0. The issue is a cross-site scripting vulnerability in command snippets that allows an attacker to inject malicious payloads and execute arbitrary code by embedding JavaScript that triggers remote command execution via file or title inputs. Sources across N...

6.1CVSS6.9AI score0.00378EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.4 views

PT-2026-3296

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...

6.1CVSS7.2AI score0.00378EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.7 views

CVE-2025-23780

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alpha BPO Easy Code Snippets easy-code-snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through = 1.0.2...

7.6CVSS7.3AI score0.00599EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/01 4:27 p.m.4 views

CVE-2025-63040

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through = 4.0.11...

4.3CVSS5.9AI score0.001EPSS
Exploits0References1
NVD
NVD
added 2025/12/31 4:15 p.m.4 views

CVE-2025-63040

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through = 4.0.11...

4.3CVSS0.001EPSS
Exploits0References1
CVE
CVE
added 2025/12/31 4:8 p.m.12 views

CVE-2025-63040

CVE-2025-63040 describes a CSRF vulnerability in the WordPress plugin Post Snippets (post-snippets) that affects versions from n/a up to and including 4.0.11. The issue is attributed to Cross-Site Request Forgery in the plugin, potentially enabling unauthorized actions on behalf of an authenticat...

4.3CVSS5.9AI score0.001EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/31 4:8 p.m.3 views

CVE-2025-63040 WordPress Post Snippets plugin <= 4.0.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11...

4.3CVSS6.5AI score0.001EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/31 4:8 p.m.28 views

CVE-2025-63040 WordPress Post Snippets plugin <= 4.0.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through = 4.0.11...

4.3CVSS0.001EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/31 4:8 p.m.3 views

EUVD-2025-205999

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11...

4.3CVSS6.3AI score0.001EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/31 3:58 p.m.6 views

WordPress Post Snippets plugin <= 4.0.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Post Snippets versions = 4.0.11...

4.3CVSS6.7AI score0.001EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.5 views

PT-2025-54385

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11...

4.3CVSS6.8AI score0.001EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.7 views

WordPress plugin Post Snippets 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

4.3CVSS6.5AI score0.001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.4 views

CVE-2025-14166

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

5.3CVSS7.5AI score0.00407EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 6:31 a.m.5 views

EUVD-2025-202995

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

5.3CVSS7AI score0.00407EPSS
Exploits0References7
NVD
NVD
added 2025/12/12 4:15 a.m.9 views

CVE-2025-14166

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

5.3CVSS0.00407EPSS
Exploits0References6
CVE
CVE
added 2025/12/12 3:20 a.m.28 views

CVE-2025-14166

CVE-2025-14166 concerns the WordPress plugin WPMasterToolKit (WPMTK) up to version 2.13.0. The source documents confirm that an authenticated user with Contributor+ or Author+ roles can exploit Code Snippets via the plugin to inject PHP code on the server, enabling remote code execution and poten...

5.3CVSS7.1AI score0.00407EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/12 3:20 a.m.34 views

CVE-2025-14166 WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

5.3CVSS0.00407EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.3 views

CVE-2025-14166 WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

5.3CVSS7.1AI score0.00407EPSS
Exploits0References6
Rows per page
Query Builder