Lucene search
K

98 matches found

Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.7 views

PT-2025-47556

The attention-bar WordPress plugin through 0.7.2.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users such as administrator to perform SQL injection attacks...

7.9AI score0.00238EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.6 views

WordPress plugin TopBar 跨站请求伪造漏洞

WordPress TopBar plugin is a plugin for adding a notification bar at the top of your website, mainly used to display messages, links or promotional content to help users attract attention and increase conversions. The WordPress TopBar plugin suffers from a cross-site request forgery vulnerability...

4.3CVSS6.7AI score0.00152EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-11565

Malware in sbrugna...

4.8CVSS5.1AI score0.00598EPSS
Exploits2References2
Patchstack
Patchstack
added 2025/10/03 10:57 p.m.6 views

WordPress Notification Bar plugin <= 2.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Notification Bar versions = 2.2...

4.3CVSS6.8AI score0.00124EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-29681

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-46338

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00303EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-27785

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.00361EPSS
Exploits0References1
NVD
NVD
added 2025/10/03 12:15 p.m.7 views

CVE-2025-9895

The Notification Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the 'subscriber-list-empty.php' file. This makes it possible for unauthenticated attackers to empty the subscrib...

4.3CVSS0.00124EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.9 views

WordPress plugin Notification Bar 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

4.3CVSS6.4AI score0.00124EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/20 8:3 a.m.7 views

CVE-2025-49389 WordPress Notice Bar Plugin <= 3.1.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Solutions Notice Bar allows Stored XSS. This issue affects Notice Bar: from n/a through 3.1.3...

6.5CVSS6.4AI score0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:13 a.m.8 views

CVE-2024-9210

The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1CVSS6.4AI score0.00364EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:36 a.m.4 views

CVE-2023-23699

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Chris Reynolds Progress Bar plugin = 2.2.1 versions...

6.5CVSS5.2AI score0.00361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:0 a.m.9 views

CVE-2022-2629

The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for examp...

4.8CVSS5.6AI score0.00506EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:20 p.m.8 views

CVE-2021-24653

The Cookie Bar WordPress plugin before 1.8.9 doesn't properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6.1AI score0.00598EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:19 a.m.8 views

CVE-2013-10021

A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely...

6.1CVSS6.3AI score0.00559EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.5 views

WordPress plugin SKT Skill Bar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS6.6AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.5 views

WordPress plugin Progress Bar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.7AI score0.00209EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/15 9:53 p.m.5 views

CVE-2025-26880 WordPress SKT Skill Bar plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows Stored XSS.This issue affects SKT Skill Bar: from n/a through = 2.3...

6.5CVSS7.2AI score0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/01 2:51 p.m.5 views

CVE-2025-31839 WordPress Footer Contacts Bar plugin <= 1.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in digireturn DN Footer Contacts dn-footer-contacts allows Cross Site Request Forgery.This issue affects DN Footer Contacts: from n/a through = 1.8.1...

4.3CVSS7.2AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/24 7:15 a.m.20 views

CVE-2025-2479

The Easy Custom Admin Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.4AI score0.00294EPSS
Exploits0References1
Rows per page
Query Builder