Lucene search
K

106 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-35449

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00422EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-17435

Malicious code in bioql PyPI...

4.8CVSS5.3AI score0.0022EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-16697

Malicious code in bioql PyPI...

4.8CVSS6.3AI score0.0021EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-2943

Malicious code in bioql PyPI...

4.3CVSS8.7AI score0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-2895

Malicious code in bioql PyPI...

9.9CVSS8.7AI score0.01187EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/25 2:53 a.m.4 views

CVE-2025-8902

The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dosidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00185EPSS
Exploits0References1
NVD
NVD
added 2025/09/23 4:16 a.m.4 views

CVE-2025-8902

The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dosidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00185EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/23 3:34 a.m.9 views

CVE-2025-8902 Widget Options - Extended <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dosidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00185EPSS
Exploits0References2
CVE
CVE
added 2025/09/23 3:34 a.m.24 views

CVE-2025-8902

CVE-2025-8902 refers to the WordPress plugin Widget Options - Extended . The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the plugin’s shortcodes (specifically the do_sidebar shortcode) across versions up to and including 5.2.1, caused by insufficient input sanitization and output...

6.4CVSS4.8AI score0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/23 3:34 a.m.1 views

CVE-2025-8902 Widget Options - Extended <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dosidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.8AI score0.00185EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.14 views

WordPress plugin Widget Options - Extended 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00185EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/09/22 10:17 p.m.6 views

WordPress Widget Options - Extended plugin <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Widget Options - Extended plugin = 5.2.1 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Widget Options - Extended versions = 5.2.1...

6.4CVSS5.6AI score0.00185EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/06/09 6:15 a.m.13 views

CVE-2025-3581

The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtm...

4.8CVSS0.0022EPSS
Exploits1References1
OSV
OSV
added 2025/06/09 6:15 a.m.4 views

CVE-2025-3581

The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtm...

4.8CVSS5.8AI score0.0022EPSS
Exploits1References1
CVE
CVE
added 2025/06/09 6:0 a.m.64 views

CVE-2025-3581

CVE-2025-3581 affects the Newsletter WordPress plugin (versions prior to 8.8.5). The issue is a failure to validate/escape certain Widget options before output, enabling a stored XSS when the block is embedded on a page/post, potentially exploitable by high-privilege users such as admins, includi...

4.8CVSS5.5AI score0.0022EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/05 6:12 a.m.15 views

CVE-2025-4567

The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform...

4.8CVSS5.9AI score0.0021EPSS
Exploits1References1
OSV
OSV
added 2025/06/03 6:15 a.m.6 views

CVE-2025-4567

The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform...

4.8CVSS5.8AI score0.0021EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/06/03 6:0 a.m.18 views

CVE-2025-4567 Post Slider and Carousel with Widget < 3.2.10 - Admin+ Stored XSS

The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform...

0.0021EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:58 a.m.7 views

CVE-2025-22722

Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through = 4.0.8...

4.3CVSS7.2AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:16 a.m.4 views

CVE-2024-35691

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through 5.1.0...

6.5CVSS6.8AI score0.00422EPSS
Exploits0References1
Rows per page
Query Builder