Lucene search
K

119 matches found

Nuclei
Nuclei
added yesterday13 views

WordPress OneTone theme <= 3.0.6 – Unauthenticated Stored XSS

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. id: CVE-2019-17231 info: name: WordPress OneTone theme = 3.0.6 – Unauthenticated Stored XSS author: daffainfo severity: medium description: | includes/theme-functions.php in the OneTone...

6.1CVSS6.4AI score0.01216EPSS
Exploits1References3
CVE
CVE
added 2026/06/10 6:0 a.m.25 views

CVE-2026-8071

The CVE-2026-8071 entries (NVD, CVE List, EUVD/ENISA, and VulnEnrichment) document a stored XSS vulnerability in the Anti-Spam by CleanTalk WordPress plugin. Affected: the plugin before version 6.79; Root cause: improper sanitization of content inside a custom shortcode used in the plugin’s email...

8.8CVSS5.7AI score0.00296EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 6:45 a.m.20 views

CVE-2026-7052

The CVE concerns the HT Contact Form – Drag & Drop Form Builder for WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability exists in the file_upload parameter for all versions up to 2.8.2 due to insufficient input sanitization and output escaping. Exploitation requires the Store Subm...

7.2CVSS6AI score0.00292EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-5324

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS6AI score0.00401EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/02 5:29 a.m.37 views

CVE-2026-5110 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Single Product Field Inside Repeater

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...

7.2CVSS0.00247EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.5 views

PT-2026-36594

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS6AI score0.00401EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/02/24 6:0 a.m.6 views

CVE-2025-15386

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

5.4AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:57 a.m.13 views

CVE-2020-12132

Fifthplay S.A.M.I before 2019.3HP2 allows unauthenticated stored XSS via a POST request...

6.1CVSS5.7AI score0.00672EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.4 views

PT-2025-51810

The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying it in the WordPress admin dashboard. This...

6.1CVSS5.3AI score0.00215EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-11263

Malware in sbrugna...

6.1CVSS6.2AI score0.01303EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-13413

Malware in sbrugna...

6.1CVSS6.3AI score0.00922EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-4891

Malware in sbrugna...

6.1CVSS6.3AI score0.01108EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-7655

Malware in sbrugna...

6.1CVSS6.3AI score0.00924EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-8010

Malware in sbrugna...

6.1CVSS6.3AI score0.01989EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-16698

Malicious code in bioql PyPI...

6.1CVSS7AI score0.00212EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/06/03 6:0 a.m.13 views

CVE-2025-3662 FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS

The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher Marc Montpas escalated it to an Unauthenticated Stored XSS...

0.00212EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:21 p.m.12 views

CVE-2021-24350

The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting XSS vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel...

6.1CVSS5.6AI score0.01303EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.15 views

CVE-2019-17213

The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header...

6.1CVSS6AI score0.01155EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.13 views

CVE-2024-8703 Z-Downloads < 1.11.6 - Unauthenticated Stored XSS

The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs...

0.00276EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/02 6:36 a.m.14 views

CVE-2025-0613

The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed...

6.1CVSS7.2AI score0.00278EPSS
Exploits1References1
Rows per page
Query Builder