Lucene search
K

15 matches found

NVD
NVD
added 2026/04/17 9:16 a.m.4 views

CVE-2026-6439

The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozenconf function. The 'lang' POST parameter is stored directly via updateoption without any...

4.4CVSS0.00199EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.6 views

CVE-2025-53231

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevstudio Easy Taxonomy Images easy-taxonomy-images allows Stored XSS.This issue affects Easy Taxonomy Images: from n/a through = 1.0.1...

7.1CVSS5.5AI score0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/17 3:24 a.m.19 views

CVE-2025-13725 Gutenberg Thim Blocks <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter

The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to insufficient path validation in the server-side rendering of the thim-blocks/icon block. This make...

6.5CVSS0.00358EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/10/22 12:2 a.m.5 views

WordPress Mixlr Shortcode plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Mixlr Shortcode versions = 1.0.1...

6.4CVSS5.7AI score0.00211EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/09/22 6:35 p.m.3 views

WordPress Last Updated Shortcode Plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Last Updated Shortcode versions = 1.0.1...

6.5CVSS6AI score0.00196EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/09/11 4:30 a.m.5 views

WordPress The integration of the AMO.CRM plugin <= 1.0.1 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Claw.k in WordPress Plugin The integration of the AMO.CRM versions = 1.0.1...

4.3CVSS6.7AI score0.00151EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.8 views

PT-2025-4476 · Service Shogun · Ach Invoice App

Name of the Vulnerable Software and Affected Versions: Ach Invoice App versions 1.0.1 and earlier Description: The issue is related to improper control of filenames for Include/Require statements in PHP, allowing PHP Local File Inclusion. This problem affects the Service Shogun Ach Invoice App,...

7.5CVSS9.3AI score0.00594EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/16 12:0 a.m.6 views

WordPress plugin Flaming Forms 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...

7.1CVSS8.5AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/14 12:0 a.m.5 views

PT-2024-17610 · WordPress · Geodatasource Country Region Dropdown

Name of the Vulnerable Software and Affected Versions: GeoDataSource Country Region DropDown plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gds-country-dropdown' shortcode due to insufficient input...

6.4CVSS6.2AI score0.00344EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.6 views

WordPress plugin Order Notification for Telegram 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

5.3CVSS6.5AI score0.00318EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/06/23 12:0 a.m.5 views

School-Management-System SQL Injection Vulnerability

School-Management-System is a school management system by the individual developer Lahiru Danushka. A SQL injection vulnerability exists in School-Management-System version 1.0.0 and 1.0.1, which stems from a parameter email in the file login.php that can lead to SQL injection...

9.8CVSS7.9AI score0.00574EPSS
Exploits1References6
OSV
OSV
added 2023/12/29 9:15 a.m.5 views

CVE-2023-32095

Improper Control of Generation of Code 'Code Injection' vulnerability in Milan Dinić Rename Media Files.This issue affects Rename Media Files: from n/a through 1.0.1...

8.8CVSS7.3AI score0.00655EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/07/10 12:0 a.m.4 views

PT-2023-10299 · WordPress · Beeliked Microsite Plugin

Name of the Vulnerable Software and Affected Versions: Beeliked Microsite Plugin versions up to 1.0.1 Description: A vulnerability has been found in the Beeliked Microsite Plugin, which is classified as problematic. The issue affects the embed handler function of the file beelikedmicrosite.php,...

6.1CVSS6.8AI score0.00514EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2021/05/14 8:15 p.m.4 views

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1358 more potentially affected by CVE-2021-29518 via tensorflow (>=1.0.1 <=2.1.2)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29518 Source advisory: OSV:PYSEC-2021-155...

7.8CVSS7AI score0.00201EPSS
Exploits1
CNVD
CNVD
added 2020/04/03 12:0 a.m.2 views

karma-mojo injection vulnerability

karma-mojo is a package that supports running a selected subset of tests in Karma. An injection vulnerability exists in karma-mojo 1.0.1 and prior versions. The vulnerability stems from a lack of proper validation of user input data by a networked system or product during the course of a user's...

9.8CVSS7.2AI score0.04232EPSS
Exploits1
Rows per page
Query Builder