Lucene search
K

486 matches found

Patchstack
Patchstack
added 2025/12/31 12:0 a.m.13 views

WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...

4.8CVSS5.9AI score0.00247EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts vulnerability

Authenticated Admin+ PHP Object Injection via wpaicgexportprompts vulnerability discovered by Tran Anh Duc in WordPress Plugin GPT3 AI Content Writer versions = 1.8.96...

7.2CVSS7.3AI score0.00642EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Polls CP plugin <= 1.0.75 - Admin+ Stored XSS via Custom Styles vulnerability

Admin+ Stored XSS via Custom Styles vulnerability discovered by Bob Matyas in WordPress Plugin CP Polls versions = 1.0.75...

5.4CVSS5.9AI score0.00254EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Email Subscribers plugin < 5.7.45 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Subscribers & Newsletters versions 5.7.45...

4.8CVSS5.9AI score0.00292EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/26 12:0 a.m.2 views

CVE-2025-67349

A cross-site scripting XSS vulnerability was identified in FluentCMS 1.2.3. After logging in as an admin and navigating to the "Add Page" function, the application fails to properly sanitize input in the section, allowing remote attackers to inject arbitrary script tags...

5.6AI score0.00261EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/18 7:53 p.m.24 views

CVE-2022-50680 Kentico Xperience <= 13.0.92 Email Marketing Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information...

5.1CVSS0.0017EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/18 12:34 a.m.6 views

EUVD-2023-60200

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...

5.4CVSS5.6AI score0.02256EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.4 views

PT-2025-51199

The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1AI score0.00145EPSS
Exploits0References2
CVE
CVE
added 2025/12/11 9:43 p.m.14 views

CVE-2024-58313

CVE-2024-58313 affects xbtitFM 4.1.18 and describes an insecure file upload in the file_hosting feature. The root cause is a bypass of file-type checks through Content-Type header manipulation (image/gif), GIF89a bytes, and alternate PHP tags, enabling authenticated attackers with administrative ...

8.6CVSS7.3AI score0.00524EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.4 views

PT-2025-50745

Name of the Vulnerable Software and Affected Versions Flatboard version 3.2 Description An authenticated administrator can inject malicious scripts in forum information fields, leading to a stored cross-site scripting issue. Attackers can insert JavaScript payloads that execute when other users...

5.3CVSS5.8AI score0.00315EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/12/09 6:0 a.m.2 views

CVE-2025-13071 Custom Admin Menu <= 1.0.0 - Reflected XSS

The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.7AI score0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.7 views

PT-2025-48714

dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php...

6.9AI score0.00402EPSS
Exploits1References3
EUVD
EUVD
added 2025/11/21 9:27 a.m.5 views

EUVD-2025-198432

The WP Delete Post Copies plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS4.6AI score0.0016EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/04 2:25 p.m.7 views

CVE-2025-12184 MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting

The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS0.00187EPSS
Exploits0References2
CVE
CVE
added 2025/10/24 9:23 a.m.26 views

CVE-2025-12136

CVE-2025-12136 affects the WordPress plugin “Real Cookie Banner: GDPR & ePrivacy Cookie Consent”. Wordfence and related sources describe a Server-Side Request Forgery (SSRF) vulnerability in all versions up to and including 5.2.4, caused by insufficient validation of the user-supplied URL in the ...

6.8CVSS5.4AI score0.00358EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/23 9:37 a.m.5 views

EUVD-2025-35662

QuickCMS is vulnerable to multiple Stored XSS in page editor functionality pages-form. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add JavaScript into the...

4.8CVSS5.9AI score0.00176EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/19 10:19 a.m.10 views

CVE-2025-11926

The Related Posts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...

4.4CVSS5AI score0.00279EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/08 11:32 p.m.5 views

EUVD-2025-33276

A vulnerability was found in code-projects Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/votersadd.php. The manipulation of the argument Firstname/Lastname/Platform results in cross site scripting. The attack can be executed remotely. The exploit has...

5.3CVSS5.3AI score0.00364EPSS
Exploits1References7
OSV
OSV
added 2025/10/08 12:15 a.m.5 views

CVE-2025-11417

A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This vulnerability affects unknown code of the file /admin/votersadd.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has be...

8.8CVSS5.7AI score0.00299EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-3992

Malware in sbrugna...

7.2CVSS7AI score0.00896EPSS
Exploits1References2
Rows per page
Query Builder