Lucene search
+L

142 matches found

osv
osv
added 2025/05/15 8:15 p.m.4 views

CVE-2024-12282

The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS7.3AI score0.00152EPSS
Exploits1References1
osv
osv
added 2025/03/25 6:15 a.m.6 views

CVE-2024-13863

The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.00253EPSS
Exploits1References1
osv
osv
added 2025/03/13 6:15 a.m.3 views

CVE-2025-1401

The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS7.3AI score0.00253EPSS
Exploits1References1
osv
osv
added 2025/03/11 6:15 a.m.5 views

CVE-2024-13853

The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS7.3AI score0.00594EPSS
Exploits1References1
osv
osv
added 2025/02/27 5:15 p.m.8 views

CVE-2025-27399 Mastodon's domain blocks & rationales ignore user approval when visibility set as "users"

Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" localized English string: "To logged-in users", users that are not yet approved can view the block reasons. Instance admins...

5.3CVSS6.6AI score0.0033EPSS
Exploits0References6
osv
osv
added 2025/02/26 1:15 p.m.5 views

CVE-2024-13678

The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.00354EPSS
Exploits1References1
osv
osv
added 2025/02/17 6:15 a.m.5 views

CVE-2024-13627

The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.7CVSS5.8AI score0.00798EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/02/11 12:0 a.m.4 views

PT-2025-6158

Name of the Vulnerable Software and Affected Versions Zarinpal Paid Download WordPress plugin versions prior to 2.3 Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the...

6.1CVSS8.1AI score0.00566EPSS
Exploits1References8
osv
osv
added 2025/02/04 6:15 a.m.5 views

CVE-2024-13331

The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.00562EPSS
Exploits1References1
osv
osv
added 2025/01/31 6:15 a.m.6 views

CVE-2024-13222

The User Messages WordPress plugin through 1.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS7.3AI score0.00562EPSS
Exploits1References1
osv
osv
added 2025/01/30 6:15 a.m.6 views

CVE-2024-12638

The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS7.3AI score0.00528EPSS
Exploits1References1
osv
osv
added 2025/01/27 6:15 a.m.3 views

CVE-2024-13056

The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.00313EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/01/27 12:0 a.m.7 views

PT-2025-1986 · WordPress · Dental Optimizer Patient Generator App

Name of the Vulnerable Software and Affected Versions: Dental Optimizer Patient Generator App WordPress plugin versions 1.0 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the pag...

7.1CVSS6.3AI score0.00313EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2024/11/11 12:0 a.m.5 views

PT-2024-34649 · Ampache · Ampache

Name of the Vulnerable Software and Affected Versions: Ampache versions prior to 7.0.1 Description: Ampache is a web-based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins...

8.1CVSS6.8AI score0.00323EPSS
Exploits1References9
ptsecurity
ptsecurity
added 2024/09/22 12:0 a.m.10 views

PT-2024-39232 · WordPress · Quiz/Survey Master

Name of the Vulnerable Software and Affected Versions: The Quiz and Survey Master QSM WordPress plugin versions prior to 9.1.3 Description: The issue is related to the Quiz and Survey Master QSM WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow...

4.8CVSS5.8AI score0.00373EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2024/09/08 12:0 a.m.5 views

PT-2024-38509 · WordPress · Azindex

Name of the Vulnerable Software and Affected Versions: AZIndex WordPress plugin versions 0.8.1 and earlier Description: The issue concerns a lack of CSRF checks in some areas of the plugin, as well as missing sanitization and escaping. This could allow attackers to make logged-in admins add Store...

6.1CVSS5.6AI score0.00172EPSS
Exploits1References7
osv
osv
added 2024/08/14 12:35 p.m.4 views

GHSA-52FG-WJXM-PP44 Magento DOM-based Cross-Site Scripting (XSS) vulnerability

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation o...

8.1CVSS6.3AI score0.00639EPSS
Exploits0References3
osv
osv
added 2024/08/12 1:38 p.m.4 views

CVE-2024-6134

The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.4CVSS5.8AI score0.00378EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2024/07/29 12:0 a.m.6 views

PT-2024-37661 · WordPress · Inline Related Posts

Name of the Vulnerable Software and Affected Versions: Inline Related Posts WordPress plugin versions prior to 3.8.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

5.9CVSS5.6AI score0.00446EPSS
Exploits1References5
osv
osv
added 2024/05/23 6:15 a.m.7 views

CVE-2024-3920

The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.8AI score0.00372EPSS
Exploits2References1
Rows per page
Query Builder