Lucene search
K

60 matches found

NVD
NVD
added 2025/12/12 12:15 p.m.9 views

CVE-2025-12965

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

6.4CVSS0.00185EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/12 11:15 a.m.25 views

CVE-2025-12965 Magical Posts Display <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

6.4CVSS0.00185EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/12 11:15 a.m.4 views

CVE-2025-12965 Magical Posts Display <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

6.4CVSS4.7AI score0.00185EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/12 12:30 a.m.7 views

WordPress Magical Posts Display plugin <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Magical Posts Display versions = 1.2.54...

6.4CVSS5.5AI score0.00185EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2021-11118

Malware in sbrugna...

5.4CVSS5.6AI score0.00746EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-32457

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00336EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-32103

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00531EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-51666

Malicious code in bioql PyPI...

6.4CVSS9.2AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-1963

Malicious code in bioql PyPI...

6.4CVSS8.7AI score0.00332EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-27009

Malicious code in bioql PyPI...

6.4CVSS8.6AI score0.00469EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-27734

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00323EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-16940

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00456EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-32229

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00423EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:20 a.m.4 views

CVE-2024-3889

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes like...

6.4CVSS6AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:12 a.m.6 views

CVE-2024-4479

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sggeneraltoggletabenable and sgaccordionstyle attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input...

6.4CVSS6AI score0.00401EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:2 a.m.11 views

CVE-2024-3517

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS5.8AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:34 a.m.12 views

CVE-2024-13547

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2025/02/15 10:15 a.m.16 views

CVE-2025-1005

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00332EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/02/15 9:24 a.m.18 views

CVE-2025-1005 ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00332EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/02/15 12:0 a.m.6 views

PT-2025-6820 · WordPress · Elementskit Elementor Addons

Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.4.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Image Accordion widget due to insufficient input sanitization and output...

6.4CVSS7.9AI score0.00332EPSS
Exploits0References12
Rows per page
Query Builder