Lucene search
K

38 matches found

Positive Technologies
Positive Technologies
added 2025/12/06 12:0 a.m.8 views

PT-2025-49356

Name of the Vulnerable Software and Affected Versions Rich Shortcodes for Google Reviews plugin for WordPress versions prior to 6.8 Description The Rich Shortcodes for Google Reviews plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization...

7.2CVSS5.8AI score0.00354EPSS
Exploits0References9
NVD
NVD
added 2025/11/21 8:15 a.m.6 views

CVE-2025-12746

The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1CVSS0.00224EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 5:13 a.m.12 views

CVE-2023-41653

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Beplus Sermon'e – Sermons Online plugin = 1.0.0 versions...

7.1CVSS5.9AI score0.00351EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/15 12:0 a.m.4 views

WordPress plugin Tripetto 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.2CVSS8.7AI score0.00296EPSS
Exploits0References5
OSV
OSV
added 2025/01/30 2:15 p.m.4 views

CVE-2024-12320

The Team Rosters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

6.1CVSS5.9AI score0.00317EPSS
Exploits0References3
OSV
OSV
added 2024/10/10 2:15 a.m.5 views

CVE-2024-9377

The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticat...

6.1CVSS5.9AI score0.004EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.8 views

PT-2024-39290 · WordPress · Store Hours For Woocommerce

Name of the Vulnerable Software and Affected Versions: Store Hours for WooCommerce plugin for WordPress versions up to, and including, 4.3.20 Description: The issue arises from the use of add query arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. This allows...

6.1CVSS7.5AI score0.00409EPSS
Exploits0References10
OSV
OSV
added 2024/08/30 10:15 a.m.3 views

CVE-2024-8274

The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timelineobj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS5.9AI score0.00469EPSS
Exploits0References3
OSV
OSV
added 2023/10/26 1:15 p.m.8 views

CVE-2023-46094

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin = 6.5.3 versions...

6.1CVSS7.3AI score0.00331EPSS
Exploits0References1
OSV
OSV
added 2023/10/20 7:15 a.m.4 views

CVE-2022-4712

The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute wheneve...

6.1CVSS5.7AI score0.00478EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/04 12:0 a.m.8 views

PT-2023-27198 · Vcita · Vcita Online Booking & Scheduling Calendar

Name of the Vulnerable Software and Affected Versions: vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin versions = 4.3.2 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into...

7.1CVSS6.5AI score0.00324EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/08/10 12:0 a.m.8 views

PT-2023-21955 · Vladimir Statsenko · Terms Descriptions Plugin

Name of the Vulnerable Software and Affected Versions: Vladimir Statsenko Terms descriptions plugin versions = 3.4.4 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a...

7.1CVSS6.1AI score0.00379EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/06/09 12:0 a.m.10 views

PT-2023-19363 · WordPress · The Photo Gallery Slideshow & Masonry Tiled Gallery

Name of the Vulnerable Software and Affected Versions: The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress versions up to, and including, 1.0.13 Description: The issue arises from insufficient input sanitization and output escaping, making it possible for unauthenticated...

6.1CVSS6.7AI score0.00433EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.3 views

PT-2023-12474 · WordPress · Wp Quick Frontend Editor

Name of the Vulnerable Software and Affected Versions: WP Quick FrontEnd Editor plugin for WordPress versions up to, and including, 5.5 Description: The issue arises from insufficient input sanitization and output escaping on the save content front function, which uses print r on user-supplied $...

6.1CVSS6.5AI score0.0075EPSS
Exploits1References5
OSV
OSV
added 2023/04/11 1:15 a.m.3 views

CVE-2023-28341

Stored Cross site scripting XSS vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page...

6.1CVSS5.6AI score0.9881EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/16 12:0 a.m.11 views

PT-2023-13672 · WordPress · Monsterinsights

Name of the Vulnerable Software and Affected Versions: MonsterInsights WordPress plugin versions prior to 8.9.1 Description: The issue allows an unauthenticated attacker to inject arbitrary web scripts into page titles by spoofing requests to Google Analytics, due to the lack of sanitization or...

6.1CVSS6.8AI score0.01217EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2022/07/18 12:0 a.m.7 views

PT-2022-14256 · WordPress · Dx Share Selection

Name of the Vulnerable Software and Affected Versions: DX Share Selection plugin for WordPress versions up to, and including 1.4 Description: The issue is due to missing nonce protection on the dxss admin page function found in the /dx-share-selection.php file, making it possible for...

8.8CVSS8.6AI score0.0053EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2022/07/18 12:0 a.m.5 views

PT-2022-16691 · WordPress · Freemind Wp Browser

Name of the Vulnerable Software and Affected Versions: FreeMind WP Browser plugin for WordPress versions up to, and including 1.2 Description: The issue is due to missing nonce protection on the FreemindOptions function found in the /freemind-wp-browser.php file. This allows unauthenticated...

8.8CVSS8.4AI score0.00518EPSS
Exploits0References6
Rows per page
Query Builder