Lucene search
K

50 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.9 views

CVE-2024-2936

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-32601

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00602EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-17199

Malicious code in bioql PyPI...

6.4CVSS7.2AI score0.00432EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:11 a.m.18 views

CVE-2024-3208

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS5.8AI score0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.8 views

CVE-2024-1447

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00432EPSS
Exploits0References1
OSV
OSV
added 2024/05/14 4:17 p.m.6 views

CVE-2024-4473

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00279EPSS
Exploits0References2
NVD
NVD
added 2024/05/14 4:17 p.m.24 views

CVE-2024-4473

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00279EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/14 12:49 p.m.29 views

CVE-2024-4473 Sydney Toolbox <= 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6.3AI score0.00279EPSS
Exploits0References2
CVE
CVE
added 2024/05/14 12:49 p.m.49 views

CVE-2024-4473

CVE-2024-4473 affects the Sydney Toolbox plugin for WordPress, where the Sydney Toolbox's aThemes: Portfolio widget (

6.4CVSS5.7AI score0.00279EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/14 12:49 p.m.15 views

CVE-2024-4473 Sydney Toolbox <= 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00279EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/05/14 1:32 a.m.6 views

WordPress Sydney Toolbox plugin <= 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via aThemes: Portfolio Widget vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Sydney Toolbox versions = 1.31...

6.4CVSS5.8AI score0.00279EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.5 views

PT-2024-31227 · WordPress · Sydney Toolbox

Name of the Vulnerable Software and Affected Versions: Sydney Toolbox plugin for WordPress versions up to, and including, 1.31 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the "aThemes: Portfolio" widget, allowing...

6.4CVSS6.9AI score0.00279EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/05/14 12:0 a.m.11 views

WordPress Sydney Toolbox Plugin <= 1.31 is vulnerable to Cross Site Scripting (XSS)

Software Sydney Toolbox Type Plugin Vulnerable versions = 1.31 Fixed in 1.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4473 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1fd3834832c Credits Ngô Thiên An ancorn Require...

6.4CVSS5.8AI score0.00279EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

WordPress plugin Sydney Toolbox 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.4CVSS6.2AI score0.00279EPSS
Exploits0References4
NVD
NVD
added 2024/05/02 5:15 p.m.19 views

CVE-2024-4036

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above...

6.4CVSS5.9AI score0.00602EPSS
Exploits0References3
OSV
OSV
added 2024/05/02 5:15 p.m.9 views

CVE-2024-4036

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above...

5.4CVSS5.9AI score0.00602EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/02 4:52 p.m.11 views

CVE-2024-4036 Sydney Toolbox <= 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above...

6.4CVSS6.1AI score0.00602EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/02 4:52 p.m.25 views

CVE-2024-4036 Sydney Toolbox <= 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above...

6.4CVSS6.3AI score0.00602EPSS
Exploits0References3
CVE
CVE
added 2024/05/02 4:52 p.m.56 views

CVE-2024-4036

CVE-2024-4036 concerns the Sydney Toolbox plugin for WordPress. It enables Stored Cross-Site Scripting via the style parameter in all versions up to and including 1.30. The vulnerability requires authentication with at least Contributor access and can allow injection of arbitrary scripts that exe...

6.4CVSS7.6AI score0.00602EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.8 views

PT-2024-28819 · WordPress · Sydney Toolbox

Name of the Vulnerable Software and Affected Versions: The Sydney Toolbox plugin for WordPress versions up to, and including, 1.30 Description: The issue is related to Stored Cross-Site Scripting via the style parameter due to insufficient input sanitization and output escaping. This allows...

6.4CVSS6AI score0.00602EPSS
Exploits0References8
Rows per page
Query Builder