Lucene search
K

576 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/22 7:45 a.m.5 views

CVE-2026-5748

The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ts shortcode in all versions up to, and including, 0.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS5.9AI score0.00227EPSS
Exploits0References4
CVE
CVE
added 2026/04/22 7:45 a.m.15 views

CVE-2026-5748

CVE-2026-5748 describes a Stored Cross-Site Scripting vulnerability in the Text Snippets WordPress plugin (versions up to 0.0.1) where the ts shortcode attribute is not properly sanitized/escaped. Authenticated attackers with contributor-level access can inject scripts into pages, which execute f...

6.4CVSS5.9AI score0.00227EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.13 views

WordPress plugin Text Snippets 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.10 views

PT-2026-34302

Name of the Vulnerable Software and Affected Versions Text Snippets versions prior to 0.0.2 Description The Text Snippets plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user supplied attributes within th...

6.4CVSS6AI score0.00227EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/14 9:36 p.m.23 views

CVE-2026-33146 Docmost's Public Share Search Exposes Metadata of Restricted Children

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS0.00213EPSS
Exploits2References1
EUVD
EUVD
added 2026/04/14 9:36 p.m.10 views

EUVD-2026-22750

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS5.8AI score0.00213EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:36 p.m.9 views

CVE-2026-33146

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS5.8AI score0.00213EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2026/04/10 12:22 p.m.5 views

WordPress Perfmatters plugin <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter vulnerability

Authenticated Subscriber+ Arbitrary File Overwrite via 'snippets' Parameter vulnerability discovered by hoshino in WordPress Plugin Perfmatters versions = 2.5.9...

8.1CVSS5.8AI score0.00408EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/10 1:24 a.m.24 views

CVE-2026-4351

CVE-2026-4351 concerns the Perfmatters WordPress plugin (≤ 2.5.9). The issue arises from PMCS::action_handler() handling bulk activate/deactivate actions without proper authorization or nonce verification. User-supplied $_GET['snippets'][] values are passed unsanitized to Snippet::activate()/Snip...

8.1CVSS6.1AI score0.00408EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 7:50 p.m.2 views

GHSA-4QWC-C7G9-4XCW OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure

Summary Remote media HTTP error bodies were read without a hard size cap before failure handling, allowing unbounded allocation on error responses. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

8.2CVSS5.9AI score0.0036EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 5:4 p.m.3 views

CVE-2026-25001

Improper Control of Generation of Code 'Code Injection' vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through = 4.0.12...

8.5CVSS5.8AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:3 p.m.5 views

CVE-2026-25366

Improper Control of Generation of Code 'Code Injection' vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through = 2.7.1...

9.9CVSS5.8AI score0.00311EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.6 views

EUVD-2026-15689

Improper Control of Generation of Code 'Code Injection' vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through = 2.7.1...

9.9CVSS5.8AI score0.00311EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15609

Improper Control of Generation of Code 'Code Injection' vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through = 4.0.12...

8.5CVSS5.8AI score0.00234EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.5 views

CVE-2026-25366

Improper Control of Generation of Code 'Code Injection' vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through = 2.7.1...

9.9CVSS0.00311EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.4 views

CVE-2026-25001

Improper Control of Generation of Code 'Code Injection' vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through = 4.0.12...

8.5CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.11 views

CVE-2026-25366

CVE-2026-25366 concerns WordPress plugin Themeisle Woody ad snippets insert-php (vulnerable:

9.9CVSS5.8AI score0.00311EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-25366 WordPress Woody ad snippets plugin <= 2.7.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through = 2.7.1...

9.9CVSS5.8AI score0.00311EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.26 views

CVE-2026-25001 WordPress Post Snippets plugin <= 4.0.12 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through = 4.0.12...

8.5CVSS0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.4 views

CVE-2026-25001 WordPress Post Snippets plugin <= 4.0.12 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through = 4.0.12...

8.5CVSS5.8AI score0.00234EPSS
Exploits0References1
Rows per page
Query Builder