Lucene search
K

73 matches found

RedhatCVE
RedhatCVE
added 2025/11/22 9:45 a.m.12 views

CVE-2025-12964

The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdprtitletag' and 'mpdprsubtitletag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...

6.4CVSS4.9AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2025/11/21 10:15 a.m.6 views

CVE-2025-12964

The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdprtitletag' and 'mpdprsubtitletag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...

6.4CVSS0.00201EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/21 9:27 a.m.13 views

CVE-2025-12964 Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget

The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdprtitletag' and 'mpdprsubtitletag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...

6.4CVSS0.00201EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/21 9:27 a.m.7 views

CVE-2025-12964 Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget

The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdprtitletag' and 'mpdprsubtitletag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...

6.4CVSS4.5AI score0.00201EPSS
Exploits0References4
CVE
CVE
added 2025/11/21 9:27 a.m.17 views

CVE-2025-12964

CVE-2025-12964 : The WordPress plugin Magical Products Display (MPD Pricing Table widget) is vulnerable to Stored XSS in all versions up to 1.1.29 due to insufficient input sanitization and output escaping of user-supplied HTML tag names in the mpdpr_title_tag and mpdpr_subtitle_tag parameters. E...

6.4CVSS4.6AI score0.00201EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.7 views

PT-2025-47715

The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdpr title tag' and 'mpdpr subtitle tag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...

6.4CVSS4.9AI score0.00201EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/11/20 11:49 p.m.8 views

WordPress Magical Products Display plugin <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via MPD Pricing Table Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Magical Products Display versions = 1.1.29...

6.4CVSS5.7AI score0.00201EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/09 1:27 p.m.6 views

CVE-2025-43821

Cross-site scripting XSS vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...

4.8CVSS5.9AI score0.00205EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/08 12:53 p.m.3 views

CVE-2025-43821

Cross-site scripting XSS vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...

4.8CVSS5.5AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-46468

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00342EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-27103

Malicious code in bioql PyPI...

6.4CVSS8.6AI score0.0034EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-17247

Malicious code in bioql PyPI...

6.4CVSS7.2AI score0.00532EPSS
Exploits0References3
OSV
OSV
added 2025/06/07 12:15 p.m.4 views

CVE-2024-9994

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eaelpricingitemtooltipcontent parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due...

5.4CVSS5.9AI score0.00174EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/07 11:17 a.m.4 views

CVE-2024-9994 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eaelpricingitemtooltipcontent parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due...

6.4CVSS5.8AI score0.00174EPSS
Exploits0References2
CVE
CVE
added 2025/06/07 11:17 a.m.146 views

CVE-2024-9994

CVE-2024-9994 affects the WordPress plugin Essential Addons for Elementor – Pricing Table Widget. Vulnerable component: eael_pricing_item_tooltip_content; vulnerability type: Stored Cross-Site Scripting (XSS) due to insufficient input sanitization/output escaping. Affected versions: all up to 6.1...

6.4CVSS5.7AI score0.00174EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:19 a.m.5 views

CVE-2024-5263

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:10 a.m.5 views

CVE-2024-4668

The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:28 a.m.8 views

CVE-2024-5229

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:24 a.m.4 views

CVE-2024-1499

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings'titletags' parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.2AI score0.00532EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:21 a.m.6 views

CVE-2024-1537

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Data Table widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output...

6.4CVSS5.1AI score0.00421EPSS
Exploits0References1
Rows per page
Query Builder