Lucene search
K

284 matches found

Vulnrichment
Vulnrichment
added 2025/12/06 5:49 a.m.2 views

CVE-2025-13656 Cute News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute

The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS4.7AI score0.00201EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/06 1:25 a.m.7 views

WordPress Cute News Ticker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability discovered by ChamlaVic in WordPress Plugin Cute News Ticker versions = 1.0...

6.4CVSS5.5AI score0.00201EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/06 12:0 a.m.3 views

WordPress plugin Cute News Ticker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.7AI score0.00201EPSS
Exploits0References5
Snyk
Snyk
added 2025/11/24 4:24 p.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 1:22 p.m.5 views

Malicious code in exact-ticker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d73836084382b05119a191e8cca9859cc6d1233d4438d1d89b016447c822b7a3 The package exact-ticker was found to contain malicious code. Source: ghsa-malware f79afea8081e5bfa7bd2122f78ff54b8eccb0c1516de1a9c14a19a3ca7d2ffa6 A...

6.9AI score
Exploits0References4
EUVD
EUVD
added 2025/11/24 1:22 p.m.2 views

EUVD-2025-198652

Malicious code in exact-ticker npm...

6.6AI score
Exploits0References1
OSV
OSV
added 2025/11/24 1:22 p.m.3 views

MAL-2025-190697 Malicious code in exact-ticker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d73836084382b05119a191e8cca9859cc6d1233d4438d1d89b016447c822b7a3 The package exact-ticker was found to contain malicious code. Source: ghsa-malware f79afea8081e5bfa7bd2122f78ff54b8eccb0c1516de1a9c14a19a3ca7d2ffa6 A...

6.8AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/23 9:13 a.m.12 views

CVE-2025-11804

The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5AI score0.00265EPSS
Exploits0References1
NVD
NVD
added 2025/10/22 9:15 a.m.7 views

CVE-2025-11804

The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00265EPSS
Exploits0References3
CVE
CVE
added 2025/10/22 8:27 a.m.18 views

CVE-2025-11804

CVE-2025-11804 affects the WordPress plugin JB News Ticker. The vulnerability is a Stored Cross-Site Scripting flaw exploitable via the id attribute of the jbticker shortcode, present in all versions up to 1.0. It requires authenticated access at contributor level or higher, enabling an attacker ...

6.4CVSS4.8AI score0.00265EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/22 8:27 a.m.4 views

CVE-2025-11804 JB News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS4.8AI score0.00265EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.5 views

WordPress plugin JB News Ticker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.9AI score0.00265EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/10/21 11:50 p.m.7 views

WordPress JB News Ticker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin JB News Ticker versions = 1.0...

6.4CVSS5.7AI score0.00265EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/10/13 12:0 a.m.2 views

WordPress Any News Ticker plugin cross-site scripting vulnerability

WordPress Any News Ticker plugin is a functional plugin for adding dynamic scrolling news tickers to your website. WordPress Any News Ticker plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of any-ticker, which can...

6.4CVSS6.1AI score0.00281EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-6118

Malware in sbrugna...

7.5CVSS6.4AI score0.00973EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-2065

Malware in sbrugna...

4.3CVSS6.4AI score0.01347EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-31362

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00391EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-45630

Malicious code in bioql PyPI...

6.5CVSS8.6AI score0.00374EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-22456

Malicious code in bioql PyPI...

6.5CVSS7.2AI score0.0031EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-44805

Malicious code in bioql PyPI...

7.1CVSS7AI score0.0068EPSS
Exploits0References1
Rows per page
Query Builder