Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.3 views

CVE-2026-32430 WordPress PowerPack Addons for Elementor plugin <= 2.9.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS.This issue affects PowerPack Addons for Elementor: from n/a through = 2.9.9...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.6 views

PT-2026-25276

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS.This issue affects PowerPack Addons for Elementor: from n/a through = 2.9.9...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References3
OSV
OSV
added 2026/02/06 6:12 p.m.5 views

CVE-2025-69212 OpenSTAManager has an OS Command Injection in P7M File Processing

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a...

9.4CVSS6AI score0.01755EPSS
Exploits12References3
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.28 views

CVE-2025-63039 WordPress ListingPro theme <= 2.9.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through = 2.9.9...

6.5CVSS0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 3:13 p.m.3 views

CVE-2025-63046

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro listingpro-plugin allows DOM-Based XSS.This issue affects ListingPro: from n/a through = 2.9.9...

6.5CVSS6.4AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/16 12:0 a.m.6 views

WordPress plugin EleForms 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

4.3CVSS8.2AI score0.00213EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/09/27 9:58 a.m.5 views

WordPress Accordion plugin <= 2.2.99 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Robert DeVore Patchstack Alliance in WordPress Plugin Accordion versions = 2.2.99...

6.5CVSS6.1AI score0.00249EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2019/10/01 7:10 a.m.2 views

jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

5.9CVSS7.8AI score0.45205EPSS
Exploits2References4
CNVD
CNVD
added 2017/10/23 12:0 a.m.3 views

phpMyFAQ cross-site request forgery vulnerability (CNVD-2017-32428)

phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site request forgery vulnerability exists...

8.8CVSS8.7AI score0.01103EPSS
Exploits2References1
Rows per page
Query Builder