Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2021-31003

Malicious code in bioql PyPI...

9CVSS7.2AI score0.0082EPSS
Exploits3References4
RedhatCVE
RedhatCVEadded 2025/05/23 10:32 a.m.5 views

CVE-2024-7955

The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00284EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/23 10:9 a.m.7 views

CVE-2024-1664

The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS5.6AI score0.00398EPSS
Exploits2References1
OSV
OSVadded 2025/05/15 8:15 p.m.1 views

CVE-2024-6797

The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score
Exploits0References1
OSV
OSVadded 2025/03/25 6:15 a.m.0 views

CVE-2024-13122

The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.8AI score0.00107EPSS
Exploits1References1
Cvelist
Cvelistadded 2025/02/14 6:0 a.m.12 views

CVE-2024-7052 Forminator < 1.38.3 - Admin+ Stored XSS

The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00131EPSS
Exploits1References1
Cvelist
Cvelistadded 2024/12/26 6:0 a.m.16 views

CVE-2024-11223 WPForms < 1.9.2.3 - Admin+ Stored XSS

The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00166EPSS
Exploits1References1
OSV
OSVadded 2023/01/02 10:15 p.m.2 views

CVE-2022-4119

The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS5.8AI score0.00326EPSS
Exploits2References1
CNVD
CNVDadded 2016/10/26 12:0 a.m.1 views

Event Calender PHP Cross-Site Request Forgery Vulnerability

Event Calendar is an event calendar module for phpnuke. A cross-site request forgery vulnerability exists in the admin.php page of Event Calendar PHP version 1.5, which can be exploited by an attacker to add an administrator account or elevate privileges to an administrator account...

7AI score
Exploits0References1
Rows per page
Query Builder