Lucene search
K

175 matches found

Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.3 views

PT-2024-18301 · WordPress · Bizcalendar Web

Name of the Vulnerable Software and Affected Versions: BizCalendar Web plugin for WordPress versions up to, and including, 1.1.0.19 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers...

6.1CVSS6.4AI score0.00585EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.2 views

WordPress Plugin BizCalendar Web 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

6.1CVSS6AI score0.00585EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.14 views

PT-2024-19410 · WordPress · Contact Form 7

Name of the Vulnerable Software and Affected Versions: Contact Form 7 versions up to, and including, 5.9 Description: The issue is related to Reflected Cross-Site Scripting via the active-tab parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attacke...

6.1CVSS8.6AI score0.013EPSS
Exploits2References7
wpexploit
wpexploit
added 2024/03/13 12:0 a.m.1115 views

Contact Form 7 < 5.9.2 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators...

6.1CVSS6.2AI score0.013EPSS
Exploits2References1
OSV
OSV
added 2024/02/07 7:15 a.m.2 views

CVE-2024-1037

The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS7.4AI score0.00555EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/07 12:0 a.m.4 views

WordPress Plugin All-In-One Security Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS6.2AI score0.00555EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.5 views

PT-2024-16223 · WordPress · All-In-One Security

Name of the Vulnerable Software and Affected Versions: All-In-One Security AIOS – Security and Firewall plugin for WordPress versions up to, and including, 5.2.5 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and...

6.1CVSS6.6AI score0.00555EPSS
Exploits0References9
OSV
OSV
added 2024/01/24 8:15 a.m.6 views

CVE-2024-0665

The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.9AI score0.00471EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/24 7:30 a.m.4 views

CVE-2024-0665 WP Customer Area <= 8.2.2 - Reflected Cross-Site Scripting

The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.1AI score0.00471EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/01/24 12:0 a.m.6 views

PT-2024-15731 · WordPress · Wp Customer Area

Name of the Vulnerable Software and Affected Versions: WP Customer Area plugin for WordPress versions up to, and including, 8.2.1 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escaping. This allows...

6.1CVSS6.4AI score0.00471EPSS
Exploits0References8
OSV
OSV
added 2023/12/26 7:15 p.m.4 views

CVE-2023-6268

The JSON Content Importer WordPress plugin before 1.5.4 does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.0042EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/12/26 12:0 a.m.5 views

PT-2023-32583 · WordPress · Json Content Importer

Name of the Vulnerable Software and Affected Versions: JSON Content Importer WordPress plugin versions prior to 1.5.4 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the tab parameter is not properly sanitized and escaped before being outputted bac...

6.1CVSS6AI score0.0042EPSS
Exploits2References6
OSV
OSV
added 2023/10/21 8:15 a.m.1 views

CVE-2023-4635

The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

6.1CVSS6AI score0.00618EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/10/21 7:33 a.m.5 views

CVE-2023-4635 EventON <= 2.2.2 - Reflected Cross-Site Scripting

The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

6.1CVSS7AI score0.00618EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/10/21 12:0 a.m.6 views

WordPress Plugin EventON Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.1CVSS5.9AI score0.00618EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2023/04/19 12:0 a.m.22 views

WCP Contact Form <= 3.1.0 - Reflected XSS

The plugin does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/02/28 1:15 p.m.4 views

CVE-2023-1080

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS6.7AI score0.0126EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2023/02/28 1:15 p.m.4 views

CVE-2023-1080

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS6.9AI score0.0126EPSS
Exploits3References4
Positive Technologies
Positive Technologies
added 2023/02/28 12:0 a.m.9 views

PT-2023-16738 · WordPress · Gn Publisher

Name of the Vulnerable Software and Affected Versions: GN Publisher plugin for WordPress versions up to, and including, 1.5.5 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escaping. This allows...

6.1CVSS6.2AI score0.0126EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2023/02/21 8:15 p.m.2 views

CVE-2023-0942

The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6.1AI score0.01213EPSS
Exploits3References5
Rows per page
Query Builder