Lucene search
K

7 matches found

Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.6 views

PT-2026-3994

Name of the Vulnerable Software and Affected Versions SEOSEON EUROPE S.L Affiliate Link Tracker versions through 0.2 Description The Affiliate Link Tracker software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. Thi...

5.2AI score0.00252EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.3 views

CVE-2025-14143 Ayo Shortcodes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute

The Ayo Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' parameter of the ayoaction shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS4.8AI score0.00188EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.3 views

CVE-2025-11521 Astra Security Suite – Firewall & Malware Scan <= 0.2 - Unauthenticated Arbitrary File Upload

The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and including, 0.2. This makes it possible for unauthenticated attacke...

8.1CVSS7.2AI score0.00472EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/24 6:31 p.m.3 views

CVE-2025-58200

Cross-Site Request Forgery CSRF vulnerability in Bage Flexible FAQ flexible-faq allows Cross Site Request Forgery.This issue affects Flexible FAQ: from n/a through = 0.2...

4.3CVSS5.9AI score0.00131EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 6:22 p.m.14 views

CVE-2025-53219

CVE-2025-53219 is a CSRF vulnerability in WordPress WP-Database-Optimizer-Tools (versions up to 0.2). The issue allows Cross Site Request Forgery by authenticated users; impact is described as I: LOW, A: LOW, with UI interaction required and network/low complexity. The affected plugin is WP-Datab...

5.4CVSS5.9AI score0.00127EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/12 2:24 a.m.7 views

CVE-2025-8688 Inline Stock Quotes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock Shortcode

The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00232EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/02/04 10:32 p.m.5 views

WordPress Justrows Free plugin <= 0.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin JustRows free versions = 0.2...

7.1CVSS6.5AI score0.00556EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder