Lucene search
K

47 matches found

OSV
OSV
added 2024/09/13 3:15 p.m.5 views

CVE-2024-5789

The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

5.4CVSS5.9AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.12 views

PT-2024-37155 · WordPress · Triton Lite

Name of the Vulnerable Software and Affected Versions: Triton Lite theme for WordPress versions up to, and including, 1.3 Description: The issue is related to Stored Cross-Site Scripting via the url attribute within the theme's Button shortcode due to insufficient input sanitization and output...

6.4CVSS6.1AI score0.00257EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/08/29 12:0 a.m.5 views

PT-2024-37216 · Hubspot · Hubspot

Name of the Vulnerable Software and Affected Versions: HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress versions up to, and including, 11.1.22 Description: The issue is related to Stored Cross-Site Scripting via the url attribute of the HubSpot Meeting Widget due ...

6.4CVSS5.9AI score0.00355EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2024/07/17 8:15 a.m.4 views

CVE-2024-5582

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attribute...

6.4CVSS6.1AI score0.00385EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.7 views

PT-2024-36589 · WordPress · Schema & Structured Data For Wp & Amp

Name of the Vulnerable Software and Affected Versions: Schema & Structured Data for WP & AMP plugin for WordPress versions up to, and including, 1.33 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the url attribute...

6.4CVSS6.9AI score0.00385EPSS
Exploits0References9
OSV
OSV
added 2024/06/29 7:15 a.m.5 views

CVE-2024-5790

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS5.9AI score0.00332EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/29 12:0 a.m.6 views

PT-2024-37156 · WordPress · Happy Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.11.1 Description: The issue is related to Stored Cross-Site Scripting via the url attribute within the plugin's Gradient Heading widget due to insufficient input...

6.4CVSS6.2AI score0.00332EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2024/06/25 2:15 p.m.2 views

CVE-2024-5451

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

6.4CVSS6.1AI score0.00326EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/06/25 6:51 a.m.5 views

WordPress The7 theme <= 11.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via url Attribute vulnerability discovered by wesley wcraft in WordPress Theme The7 versions = 11.13.0...

6.4CVSS5.8AI score0.00326EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/06/13 6:15 a.m.24 views

CVE-2024-5757

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00401EPSS
Exploits0References4
OSV
OSV
added 2024/06/05 9:15 a.m.3 views

CVE-2024-5571

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and...

5.4CVSS6AI score0.00314EPSS
Exploits0References3
NVD
NVD
added 2024/05/02 5:15 p.m.11 views

CVE-2024-2750

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.8AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.4 views

PT-2024-21922 · WordPress · Exclusive Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.6.9.3 Description: The issue arises from insufficient input sanitization and output escaping in the URL attribute of the Button widget, allowing authenticate...

6.4CVSS6.9AI score0.0032EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/04/17 3:33 a.m.3 views

WordPress Essential Addons for Elementor plugin <= 5.9.14 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute vulnerability

Authenticated Contributor+ Store Cross-Site Scripting via Widget URL Attribute vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Essential Addons for Elementor versions = 5.9.14...

6.4CVSS6.4AI score0.00402EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/04/09 7:15 p.m.4 views

CVE-2024-3266

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00426EPSS
Exploits0References2
Snyk
Snyk
added 2024/03/14 1:3 p.m.6 views

Cross-site Scripting (XSS)

Overview livewire/livewire is an A front-end framework for Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and...

6.1CVSS7AI score0.00516EPSS
Exploits1References2
NVD
NVD
added 2023/12/26 7:15 p.m.18 views

CVE-2023-6166

The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...

6.1CVSS0.0042EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/10/10 12:0 a.m.16 views

Rock Convert < 2.6.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting PoC On a page where the "Capture box | Rock Convert" widget is present, append ?", e.g: https://example.com/?"...

6.1CVSS6.2AI score0.00486EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/22 12:0 a.m.12 views

Tutor LMS < 2.0.9 - Reflected Cross-Site Scripting

The plugin does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting The issue was initially fixed in 1.9.13 but re-introduced in 2.0.0 PoC https://example.com/wp-admin/post.php?post=1369=edittab=general'...

0.2AI score
Exploits0Affected Software1
OSV
OSV
added 2015/07/26 10:59 p.m.3 views

DEBIAN-CVE-2015-1840

jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...

5CVSS7AI score0.04397EPSS
Exploits1References1
Rows per page
Query Builder