Lucene search
+L

124 matches found

NCSC
NCSC
added 2026/01/09 11:11 a.m.9 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE. The vulnerabilities include several issues, including the ability for authenticated users to abuse external API calls, which could lead to a Denial-of-Service. In addition, GraphQL allowed authenticated users to make unauthorized changes to projec...

9.6CVSS6.5AI score0.0062EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 9:3 a.m.8 views

WordPress Zoho ZeptoMail plugin <= 3.3.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Zoho ZeptoMail versions = 3.3.1...

7.1CVSS6AI score0.00089EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/12/31 5:55 a.m.12 views

CVE-2025-49342

Technical details for CVE-2025-49342 are not provided in the supplied documents. Monitor for updates from official advisories and connected sources.

7.1CVSS5.9AI score0.00094EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/31 5:55 a.m.2 views

CVE-2025-49342 WordPress Custom Style plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in merzedes Custom Style custom-style allows Stored XSS.This issue affects Custom Style: from n/a through = 1.0...

7.1CVSS5.9AI score0.00094EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.5 views

WordPress plugin Simple Archive Generator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

7.1CVSS6AI score0.00094EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/20 6:30 a.m.8 views

EUVD-2025-204622

The WP Hallo Welt plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'halloweltseite' function. This makes it possible for unauthenticated attackers to update plugin settings and...

6.1CVSS4.5AI score0.00123EPSS
Exploits0References8
NVD
NVD
added 2025/12/20 4:16 a.m.9 views

CVE-2025-13365

The WP Hallo Welt plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'halloweltseite' function. This makes it possible for unauthenticated attackers to update plugin settings and...

6.1CVSS0.00123EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/12/17 6:21 p.m.4 views

CVE-2025-13217 Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value'

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0. This is due to insufficient input...

6.4CVSS4.7AI score0.00265EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/16 4:43 p.m.5 views

EUVD-2025-203799

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting XSS due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG primary or...

8.9CVSS5AI score0.00227EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/18 8:27 a.m.5 views

CVE-2025-12404 Like-it <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Like-it plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the likeitconf function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

6.1CVSS5AI score0.00142EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/12 10:46 a.m.8 views

CVE-2025-7632

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...

7.3CVSS6AI score0.00478EPSS
Exploits0References1
NVD
NVD
added 2025/11/10 9:15 a.m.6 views

CVE-2025-41107

Stored Cross Site Scripting XSS vulnerability in Smart School 7.0 due to lack of proper validation of user input when sending a POST request to '/onlineadmission', wich affects the parameters 'firstname', 'lastname', 'guardianname' and others. This vulnerability could allow a remote user to send ...

5.4CVSS0.00189EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/06 3:53 p.m.5 views

CVE-2025-48083 WordPress wpNamedUsers plugin <= 0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS.This issue affects wpNamedUsers: from n/a through = 0.5...

7.1CVSS6.2AI score0.00116EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/06 3:53 p.m.6 views

CVE-2025-48078 WordPress Slick Google Map plugin <= 0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through = 0.3...

7.1CVSS6.2AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 2025/11/06 3:53 p.m.15 views

CVE-2025-48077

CVE-2025-48077 documents a CSRF to Stored XSS vulnerability in the WordPress Block Country plugin (versions

7.1CVSS6.3AI score0.00112EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/04 4:27 a.m.3 views

CVE-2025-12415 MapMap <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting

The MapMap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the adminshortcodesubmit, adminconfigurationsubmit, and adminshortcodedelete functions. This makes it possible for...

6.1CVSS5AI score0.00142EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/04 4:27 a.m.17 views

CVE-2025-12410 SH Contextual Help <= 3.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation in the shcontextualhelpdashboardwidget function. This makes it possible for unauthenticated attackers to update...

6.1CVSS0.00142EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/28 2:38 a.m.15 views

CVE-2025-62956

Cross-Site Request Forgery CSRF vulnerability in iseremet Reloadly reloadly-topup-widget allows Stored XSS.This issue affects Reloadly: from n/a through = 2.0.1...

7.1CVSS6.6AI score0.00124EPSS
Exploits0References1
CVE
CVE
added 2025/10/27 1:34 a.m.23 views

CVE-2025-62986

CVE-2025-62986: Cross-Site Request Forgery (CSRF) in WordPress FanBridge signup plugin (fanbridge-signup) versions &lt;= 0.6 can enable Stored XSS. Public sources in this set identify the affected plugin and the CSRF/XSS combination, with patch status noted as Patched by Wordfence (and Patchstack...

7.1CVSS6.3AI score0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/27 1:34 a.m.12 views

CVE-2025-62986 WordPress FanBridge signup plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in FanBridge FanBridge signup fanbridge-signup allows Stored XSS.This issue affects FanBridge signup: from n/a through = 0.6...

7.1CVSS0.00103EPSS
Exploits0References1
Rows per page
Query Builder