Lucene search
K

175 matches found

CNNVD
CNNVD
added 2025/01/30 12:0 a.m.6 views

WordPress plugin Team Rosters 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS8.2AI score0.00317EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.11 views

PT-2025-1813 · WordPress · Team Rosters

Name of the Vulnerable Software and Affected Versions: Team Rosters plugin for WordPress versions up to, and including, 4.7 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escaping. This allows...

6.1CVSS8.7AI score0.00317EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/01/11 12:0 a.m.2 views

WordPress plugin WpRently 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

6.1CVSS7.7AI score0.00342EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/07 12:0 a.m.3 views

WordPress plugin Feedpress Generator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

6.1CVSS7.7AI score0.00285EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/07 12:0 a.m.6 views

PT-2024-17008 · WordPress · Feedpress Generator – External Rss Frontend Customizer

Name of the Vulnerable Software and Affected Versions: Feedpress Generator – External RSS Frontend Customizer plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization...

6.1CVSS6.7AI score0.00285EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/12/04 12:0 a.m.3 views

PT-2024-17017 · WordPress · Intro Tour Tutorial Deeppresentation

Name of the Vulnerable Software and Affected Versions: Intro Tour Tutorial DeepPresentation plugin for WordPress versions up to, and including, 6.5.2 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escapin...

6.1CVSS7.1AI score0.00355EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/12/03 12:0 a.m.4 views

PT-2024-17220 · WordPress · Bp Profile Shortcodes Extra

Name of the Vulnerable Software and Affected Versions: BP Profile Shortcodes Extra plugin for WordPress versions up to, and including, 2.6.0 Description: The issue is related to time-based SQL Injection via the tab parameter due to insufficient escaping on the user-supplied parameter and lack of...

6.5CVSS7.9AI score0.00424EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/12/02 11:42 p.m.6 views

WordPress BP Profile Shortcodes Extra plugin <= 2.6.0 - Authenticated (Contributor+) SQL Injection via tab Parameter vulnerability

Authenticated Contributor+ SQL Injection via tab Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin BP Profile Shortcodes Extra versions = 2.6.0...

6.5CVSS8.1AI score0.00424EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/11/28 12:0 a.m.6 views

WordPress plugin FAQ Builder AYS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

6.1CVSS7.9AI score0.00443EPSS
Exploits0References4
OSV
OSV
added 2024/11/12 4:15 a.m.4 views

CVE-2024-10685

The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS7.4AI score0.00291EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/09 2:56 a.m.6 views

WordPress SysBasics Customize My Account for WooCommerce plugin <= 2.7.29 - Reflected Cross-Site Scripting via tab Parameter vulnerability

Reflected Cross-Site Scripting via tab Parameter vulnerability discovered by vgo0 in WordPress Plugin Customize My Account for WooCommerce versions = 2.7.29...

6.1CVSS6.3AI score0.00368EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/09 12:0 a.m.12 views

PT-2024-16579 · WordPress · Sysbasics Customize My Account

Name of the Vulnerable Software and Affected Versions: SysBasics Customize My Account for WooCommerce plugin for WordPress versions prior to 2.7.29 Description: The vulnerability is a Reflected Cross-Site Scripting issue via the tab parameter, caused by insufficient input sanitization and output...

6.1CVSS6.9AI score0.00368EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2024/10/26 12:0 a.m.8 views

PT-2024-38986 · WordPress · Wordpress Post Grid Layouts With Pagination – Sogrid

Name of the Vulnerable Software and Affected Versions: WordPress Post Grid Layouts with Pagination – Sogrid plugin versions up to, and including, 1.5.2 Description: The issue allows authenticated attackers with Administrator-level access and above to include and execute arbitrary files on the...

7.2CVSS7.5AI score0.00665EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.5 views

PT-2024-39962 · WordPress · Wp Photo Album Plus

Name of the Vulnerable Software and Affected Versions: WP Photo Album Plus plugin for WordPress versions up to, and including, 8.8.05.003 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing unauthenticated...

6.1CVSS6.5AI score0.00291EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/10/01 12:0 a.m.5 views

WordPress plugin Gravity Forms Toolbar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS6AI score0.00364EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.7 views

PT-2024-39198 · WordPress · Gravity Forms Toolbar

Name of the Vulnerable Software and Affected Versions: Gravity Forms Toolbar plugin for WordPress version 1.7.0 and earlier Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escaping. This allows...

6.1CVSS6.7AI score0.00364EPSS
Exploits0References8
OSV
OSV
added 2024/07/04 12:15 p.m.5 views

CVE-2024-5943

The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing santization of the 'tab' parameter. This makes it possible for...

8.8CVSS5.7AI score
Exploits0References4
OSV
OSV
added 2024/06/13 9:15 a.m.8 views

CVE-2024-0979

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS5.9AI score0.00369EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/13 12:0 a.m.5 views

PT-2024-15958 · WordPress · Dashboard Widgets Suite

Name of the Vulnerable Software and Affected Versions: Dashboard Widgets Suite plugin for WordPress versions up to, and including, 3.4.3 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escaping. This allow...

6.1CVSS6.7AI score0.00369EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/04/11 1:13 p.m.3 views

WordPress BizCalendar Web plugin <= 1.1.0.25 - Reflected Cross-Site Scripting via 'tab' vulnerability

Reflected Cross-Site Scripting via 'tab' vulnerability discovered by WordFence in WordPress Plugin bizcalendar-web versions = 1.1.0.25...

6.1CVSS6.3AI score0.00585EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder