Lucene search
K

40 matches found

NVD
NVD
added 2026/07/02 12:16 p.m.5 views

CVE-2025-66076

Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...

5.3CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.10 views

CVE-2025-66076

The CVE concerns WordPress Woostify Sites Library plugin (versions ≤ 1.6.2) with an Unauthenticated Broken Access Control vulnerability. The connected documents confirm the affected product and issue type but do not provide a remediation version or explicit exploit details. No further technical s...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.35 views

CVE-2025-66076 WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...

5.3CVSS0.00214EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-54960

Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/29 12:0 p.m.4 views

WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Woostify Sites Library versions = 1.6.2...

5.3CVSS5.8AI score0.00214EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.12 views

CVE-2026-4805

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 8:16 a.m.10 views

CVE-2026-4805

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS0.00206EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/28 6:45 a.m.4 views

CVE-2026-4805 Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS5.5AI score0.00206EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/28 6:45 a.m.29 views

CVE-2026-4805 Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS0.00206EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:45 a.m.7 views

CVE-2026-4805

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS5.5AI score0.00206EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/28 6:45 a.m.8 views

EUVD-2026-26005

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS5.5AI score0.00206EPSS
Exploits0References7
CVE
CVE
added 2026/04/28 6:45 a.m.18 views

CVE-2026-4805

CVE-2026-4805 affects the WordPress Woostify theme (versions

6.4CVSS5.5AI score0.00206EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.8 views

PT-2026-35679

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS5.5AI score0.00206EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.13 views

WordPress plugin Woostify 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00206EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/27 6:15 p.m.7 views

WordPress Woostify theme <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Theme Woostify versions = 2.5.0...

6.4CVSS5.1AI score0.00206EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31301

Malicious code in bioql PyPI...

5.9CVSS6.5AI score0.0021EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/27 8:44 a.m.5 views

CVE-2025-60101

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in duongancol Woostify woostify allows Stored XSS.This issue affects Woostify: from n/a through = 2.4.2...

5.9CVSS5.9AI score0.0021EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/26 9:50 a.m.7 views

WordPress Woostify Theme <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by savphill in WordPress Theme Woostify versions = 2.4.2...

5.9CVSS6.2AI score0.0021EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/09/26 9:15 a.m.4 views

CVE-2025-60101

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in duongancol Woostify woostify allows Stored XSS.This issue affects Woostify: from n/a through = 2.4.2...

5.9CVSS0.0021EPSS
Exploits0References1
CVE
CVE
added 2025/09/26 8:31 a.m.12 views

CVE-2025-60101

CVE-2025-60101 (Woostify Theme) Stored XSS affects Woostify theme (versions up to and including 2.4.2). Root cause aligns with improper neutralization of input during web page generation. CVSS 3.1 base metrics provided: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L, base score 5.9 (Medium). Connected sourc...

5.9CVSS5.9AI score0.0021EPSS
Exploits0References1
Rows per page
Query Builder