Lucene search
+L

9 matches found

RedhatCVE
RedhatCVE
added 2026/01/29 3:18 p.m.11 views

CVE-2026-1391

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...

5.3CVSS6AI score0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 12:15 p.m.8 views

CVE-2026-1391

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...

5.3CVSS0.00253EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/28 11:23 a.m.32 views

CVE-2026-1391 Vzaar Media Management <= 1.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...

5.3CVSS0.00253EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/28 11:23 a.m.5 views

CVE-2026-1391 Vzaar Media Management <= 1.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...

5.3CVSS6AI score0.00253EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/28 11:23 a.m.9 views

EUVD-2026-4923

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...

5.3CVSS6AI score0.00253EPSS
Exploits0References3
CVE
CVE
added 2026/01/28 11:23 a.m.25 views

CVE-2026-1391

CVE-2026-1391 affects the WordPress plugin Vzaar Media Management (versions ≤ 1.2). The vulnerability is a Reflected Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping on the $_SERVER['PHP_SELF'] variable. It enables unauthenticated attackers to inject arbitra...

5.3CVSS6AI score0.00253EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/28 6:52 a.m.9 views

WordPress Vzaar Media Management plugin <= 1.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Vzaar Media Management versions = 1.2...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.7 views

PT-2026-5096

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $ SERVER'PHP SELF' variable. This makes it possible for unauthenticated attackers to inject...

5.3CVSS6AI score0.00253EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.8 views

WordPress plugin Vzaar Media Management has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.7AI score0.00253EPSS
Exploits0References4
Rows per page
Query Builder