Lucene search
K

49 matches found

CVE
CVE
added 2026/04/09 2:25 a.m.18 views

CVE-2026-3568

CVE-2026-3568 affects the WordPress MStore API plugin up to version 4.18.3. The root cause is in update_user_profile() processing the raw JSON field 'meta_data' without validation, allowlisting, or sanitization, and then applying arbitrary keys/values to update_user_meta() after cookie-based auth...

4.3CVSS6AI score0.00226EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-25038

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00331EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-2433

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00883EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-0921

Malicious code in bioql PyPI...

5.4CVSS5.4AI score0.00516EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1870

Malicious code in bioql PyPI...

5.4CVSS5.4AI score0.00367EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2935

Malicious code in bioql PyPI...

5.4CVSS5.4AI score0.01165EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-4273

Malicious code in bioql PyPI...

6.1CVSS4.4AI score0.00267EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0918

Malicious code in bioql PyPI...

5.4CVSS5.4AI score0.00516EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/15 7:23 a.m.18 views

CVE-2025-7672 Stored-XSS possibility in Namo CrossEditor4

The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix API modules potentaily allows Stored XSS. This issue affects CrossEditor4: from 4.0.0.01 before 4.6.0.23...

4.3CVSS0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:51 a.m.7 views

CVE-2024-7860

The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.00177EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:42 a.m.5 views

CVE-2024-5284

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.8CVSS5.8AI score0.00241EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:9 a.m.13 views

CVE-2024-13057

The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

7.1CVSS5.8AI score0.00154EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:59 a.m.5 views

CVE-2022-2171

The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue...

5.4CVSS5.8AI score0.00265EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:18 p.m.8 views

CVE-2021-32475

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

5.4CVSS5.6AI score0.00583EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:58 p.m.9 views

CVE-2021-36398

In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk...

5.4CVSS5.7AI score0.00516EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.8 views

CVE-2021-24586

The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting feature mentioned by the plugin, this...

4.3CVSS5.8AI score0.00483EPSS
Exploits2References1
CVE
CVE
added 2025/05/15 8:7 p.m.30 views

CVE-2024-8095

CVE-2024-8095 concerns the BabelZ WordPress plugin (versions up to 1.1.5). Multiple sources confirm a lack of CSRF protection in certain areas, plus insufficient sanitisation and escaping, enabling a logged-in admin to inject a Stored XSS payload via a CSRF attack. The vulnerability affects BabelZ

6.1CVSS5.9AI score0.00143EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.6 views

PT-2025-17135 · Buildium · Buildium

Name of the Vulnerable Software and Affected Versions: Listings for Buildium versions 0.1.4 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that also allows Stored XSS. This means an attacker could potentially trick a user into performing unintende...

7.1CVSS7.4AI score0.00139EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/16 12:44 p.m.6 views

CVE-2025-39548 WordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in A WP Life Right Click Disable OR Ban allows Stored XSS. This issue affects Right Click Disable OR Ban: from n/a through 1.1.17...

7.1CVSS7AI score0.00173EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.6 views

Moodle 4.4.x < 4.4.1 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...

8.8CVSS6.4AI score0.00455EPSS
Exploits0References15
Rows per page
Query Builder