Lucene search
K

10 matches found

CVE
CVE
added 17 hours ago8 views

CVE-2026-8351

CVE-2026-8351 concerns the RTMKit plugin for WordPress, vulnerable up to version 2.0.7. The flaw is a Stored Cross-Site Scripting in the Advanced Heading widget via the 'Background Text' parameter. The render() function concatenates the value directly into an HTML attribute without applying esc_a...

6.4CVSS6.1AI score
Exploits0References9
ATTACKERKB
ATTACKERKB
added 17 hours ago3 views

CVE-2026-8351

The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Text' parameter in versions up to, and including, 2.0.7 This is due to insufficient output escaping on the 'backgroundtextheading' setting in the render function, which...

6.4CVSS6.1AI score
Exploits0References10
EUVD
EUVD
added 17 hours ago4 views

EUVD-2026-41512

The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Text' parameter in versions up to, and including, 2.0.7 This is due to insufficient output escaping on the 'backgroundtextheading' setting in the render function, which...

6.4CVSS6.1AI score
Exploits0References9
OSV
OSV
added 2024/05/15 3:15 a.m.2 views

CVE-2024-4208

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user...

5.4CVSS5.9AI score0.00265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.11 views

PT-2024-29734 · Kadence Wp · Gutenberg Blocks With Ai By Kadence Wp

Name of the Vulnerable Software and Affected Versions: The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress versions up to, and including, 3.2.37 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes i...

6.4CVSS6.9AI score0.00265EPSS
Exploits0References6
OSV
OSV
added 2024/03/07 9:15 a.m.2 views

CVE-2024-2136

The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS7.4AI score0.0032EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/07 8:34 a.m.11 views

CVE-2024-2136 WPKoi Templates for Elementor <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Heading Widget

The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/07 12:0 a.m.8 views

PT-2024-18861 · WordPress · Wpkoi Templates For Elementor

Name of the Vulnerable Software and Affected Versions: WPKoi Templates for Elementor plugin for WordPress versions up to, and including, 2.5.6 Description: The issue is related to Stored Cross-Site Scripting via the Advanced Heading widget due to insufficient input sanitization and output escapin...

6.4CVSS6.2AI score0.0032EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2023/01/27 12:0 a.m.13 views

Greenshift < 5.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit Additional CSS classes for "Advanced...

6.8CVSS5AI score0.00627EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/01/27 12:0 a.m.461 views

Greenshift < 5.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Advanced Heading"...

6.8CVSS5.2AI score0.00627EPSS
Exploits2
Rows per page
Query Builder