Lucene search
K

2203 matches found

RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.11 views

CVE-2026-6048

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL customattributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses eschtml ...

6.4CVSS5.9AI score0.00249EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/20 6:31 p.m.3 views

CVE-2026-6248

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...

8.1CVSS6.6AI score0.00593EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/20 6:31 p.m.33 views

CVE-2026-6248 wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...

8.1CVSS0.00593EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/20 6:31 p.m.3 views

CVE-2026-6248 wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...

8.1CVSS6.6AI score0.00593EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.8 views

PT-2026-33825

Name of the Vulnerable Software and Affected Versions wpForo Forum versions prior to 3.0.6 Description The plugin is subject to arbitrary file deletion. This occurs because the Members::update method fails to validate or restrict values for file-type custom profile fields, enabling authenticated...

8.1CVSS6.4AI score0.00593EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/04/19 11:22 p.m.10 views

WordPress Flipbox Addon for Elementor plugin <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Custom Attributes vulnerability discovered by WordFence in WordPress Plugin Ultimate Flipbox Addon for Elementor versions = 2.0.8...

6.4CVSS5.8AI score0.00249EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/04/18 9:34 a.m.107 views

Exploit for CVE-2025-2563

CVE-2025-2563 The User Registration & Membership WordPress...

8.1CVSS7.3AI score0.44565EPSS
Exploits7
NVD
NVD
added 2026/04/18 5:16 a.m.4 views

CVE-2026-6048

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL customattributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses eschtml ...

6.4CVSS0.00249EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/18 3:37 a.m.4 views

CVE-2026-6048 Flipbox Addon for Elementor <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL customattributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses eschtml ...

6.4CVSS5.9AI score0.00249EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/18 3:37 a.m.7 views

CVE-2026-6048

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL customattributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses eschtml ...

6.4CVSS5.9AI score0.00249EPSS
Exploits0References6
CVE
CVE
added 2026/04/18 3:37 a.m.22 views

CVE-2026-6048

The Flipbox Addon for Elementor (WordPress) contains a Stored Cross-Site Scripting (XSS) vulnerability in the Flipbox widget button URL parameter custom_attributes. In versions up to 2.1.1, it validates attribute names with esc_html(), which does not block event handler attributes (e.g., onmouseo...

6.4CVSS5.9AI score0.00249EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/18 3:37 a.m.28 views

CVE-2026-6048 Flipbox Addon for Elementor <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL customattributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses eschtml ...

6.4CVSS0.00249EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/18 3:37 a.m.7 views

EUVD-2026-23652

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL customattributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses eschtml ...

6.4CVSS5.9AI score0.00249EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.11 views

WordPress plugin Flipbox Addon for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.9AI score0.00249EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.8 views

PT-2026-33589

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL custom attributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses esc htm...

6.4CVSS5.9AI score0.00249EPSS
Exploits0References6
Fedora
Fedora
added 2026/04/16 11:42 p.m.9 views

[SECURITY] Fedora 44 Update: kf6-kunitconversion-6.25.0-1.fc44

KDE Frameworks 6 Tier 2 addon for unit conversions...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/16 11:42 p.m.7 views

[SECURITY] Fedora 44 Update: kf6-kitemviews-6.25.0-1.fc44

KDE Frameworks 6 Tier 1 addon with item views...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/16 11:42 p.m.10 views

[SECURITY] Fedora 44 Update: kf6-kjobwidgets-6.25.0-1.fc44

KDE Frameworks 6 Tier 2 addon for KJobs...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/16 11:42 p.m.11 views

[SECURITY] Fedora 44 Update: kf6-kdeclarative-6.25.0-1.fc44

KDE Frameworks 6 Tier 3 addon for Qt declarative...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/16 11:42 p.m.9 views

[SECURITY] Fedora 44 Update: kf6-ki18n-6.25.0-1.fc44

KDE Frameworks 6 Tier 1 addon for localization...

5.8AI score
Exploits0
Rows per page
Query Builder