Lucene search
K

485 matches found

Patchstack
Patchstack
added 2026/01/30 6:24 a.m.6 views

WordPress Photo Gallery by 10Web plugin < 1.8.31 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Photo Gallery by 10Web versions 1.8.31...

4.8CVSS5.9AI score0.00369EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/01/30 1:5 a.m.6 views

WordPress Frontend Checklist plugin <= 2.3.2 - Admin+ Stored XSS via Items vulnerability

Admin+ Stored XSS via Items vulnerability discovered by Bob Matyas in WordPress Plugin Frontend Checklist versions = 2.3.2...

4.8CVSS5.9AI score0.0033EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2026/01/28 1:15 p.m.5 views

CVE-2020-36993

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...

5.4CVSS6AI score
Exploits0References4
NVD
NVD
added 2026/01/20 6:16 a.m.6 views

CVE-2026-1045

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS0.00189EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/13 10:51 p.m.4 views

CVE-2022-50916 e107 CMS v3.2.1 - Upload restriction bypass (Authenticated [Admin])+ Server file override

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.ph...

8.7CVSS6.5AI score0.00804EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.8 views

CVE-2023-4290

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...

6.1CVSS6.2AI score0.0042EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:30 p.m.6 views

CVE-2023-40068

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative...

5.4CVSS6.7AI score0.0148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:19 p.m.10 views

CVE-2018-10520

In CMS Made Simple CMSMS through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories...

8.5CVSS7.1AI score0.0098EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:13 a.m.4 views

CVE-2016-10902

The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools...

8.8CVSS6.9AI score0.0068EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:32 a.m.4 views

CVE-2023-25704

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin = 1.0 versions...

5.9CVSS5.2AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:31 a.m.10 views

CVE-2023-25569

Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cooki...

5.7CVSS6.6AI score0.00351EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:31 a.m.6 views

CVE-2023-25488

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Duc Bui Quang WP Default Feature Image plugin = 1.0.1.1 versions...

5.9CVSS5.2AI score0.00379EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:24 a.m.7 views

CVE-2023-40329

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPZest Custom Admin Login Page | WPZest plugin = 1.2.0 versions...

5.9CVSS5.6AI score0.00316EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:24 a.m.7 views

CVE-2023-40007

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ujwol Bastakoti CT Commerce plugin = 2.0.1 versions...

5.9CVSS5.6AI score0.00316EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.7 views

PT-2026-1840

Name of the Vulnerable Software and Affected Versions phpgurukul Hostel Management System version 2.1 Description The application stores user-provided complaint data, specifically the 'Explain the Complaint' field submitted through the /register-complaint.php endpoint, without proper output...

8.7CVSS7.2AI score0.00261EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/03 4:2 a.m.16 views

CVE-2025-15426

A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might...

7.5CVSS6.6AI score0.00419EPSS
Exploits0References1
OSV
OSV
added 2026/01/02 9:16 p.m.2 views

GHSA-2MWC-H2MG-V6P8 Bagisto has HTML Filter Bypass that Enables Stored XSS

Summary A stored Cross-Site Scripting XSS vulnerability exists in Bagisto 2.3.8 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST request before submission. As a result, arbitrary JavaScript can be...

6.3CVSS6AI score0.00489EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.4 views

H-ui.admin 代码问题漏洞

H-ui.admin is a website backend template by jackying personal developer. A code issue vulnerability exists in H-ui.admin 3.1 and earlier versions, which stems from an incorrect operation of the library file /lib/webuploader/0.1.5/server/preview.php, which may result in arbitrary file uploads...

7.5CVSS7.5AI score0.00419EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress WP Maps plugin < 4.7.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Maps versions 4.7.2...

4.8CVSS5.9AI score0.00236EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.13 views

WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...

4.8CVSS5.9AI score0.00247EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder