Lucene search
K

75 matches found

RedhatCVE
RedhatCVE
added 2025/11/13 7:43 a.m.4 views

CVE-2025-12018

The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS4.8AI score0.00209EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/12 9:30 a.m.3 views

EUVD-2025-119992

The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS4.6AI score0.00209EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/11/09 3:57 a.m.14 views

CVE-2025-12125

The HTML Forms – Simple WordPress Forms Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS4.8AI score0.00171EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/05 5:8 a.m.6 views

CVE-2025-12393

The Free Quotation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS4.9AI score0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/25 12:0 a.m.21 views

PT-2025-43724

Name of the Vulnerable Software and Affected Versions Fast Velocity Minify versions prior to 3.5.1 Description The Fast Velocity Minify plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticate...

4.4CVSS5.3AI score0.00221EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/10/24 8:23 a.m.9 views

CVE-2025-12016 qnotsquiz <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The qnotsquiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'qnotsquizcustomstarttext' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00187EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2012-4357

Malware in sbrugna...

3.5CVSS6.1AI score0.01675EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-5255

Malware in sbrugna...

4.9CVSS6.1AI score0.01693EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2017-5493

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier fo...

7.5CVSS7.6AI score0.02886EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:9 a.m.6 views

CVE-2024-1589

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS5.7AI score0.00405EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:2 a.m.4 views

CVE-2024-0632

The Automatic Translator with Google Translate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom font setting in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:13 a.m.6 views

CVE-2024-9892

The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS5AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:32 a.m.7 views

CVE-2023-5715

The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.8CVSS5.9AI score0.00495EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:57 a.m.4 views

CVE-2023-0924

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install...

7.2CVSS7.2AI score0.00962EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:50 a.m.5 views

CVE-2016-10944

The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF...

8.8CVSS7.1AI score0.00732EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.8 views

CVE-2024-13357 Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.52 - Author+ Stored XSS

The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00266EPSS
Exploits1References1
OSV
OSV
added 2025/03/16 6:15 a.m.5 views

CVE-2025-1622

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.8AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2025/02/08 1:15 p.m.3 views

CVE-2024-13850

The Simple add pages or posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject...

4.8CVSS5.9AI score0.00284EPSS
Exploits0References3
OSV
OSV
added 2025/01/08 8:15 a.m.2 views

CVE-2024-12045

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping...

4.8CVSS7.3AI score0.00232EPSS
Exploits0References2
OSV
OSV
added 2024/09/10 8:15 a.m.4 views

CVE-2024-7618

The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it...

4.8CVSS5.9AI score0.00317EPSS
Exploits0References6
Rows per page
Query Builder