Lucene search
K

31 matches found

EUVD
EUVD
added 6 hours ago4 views

EUVD-2025-210458

The Ultimate Before After Image Slider & Gallery WordPress plugin before 4.7.1 does not escape the value of the BEAF Slider widget's shortcode field before outputting it on the front end the value is passed through doshortcode, which echoes non-shortcode content verbatim, allowing users with...

6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/30 7:42 p.m.3 views

CVE-2026-31799 Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...

4.9CVSS5.9AI score0.004EPSS
Exploits1References2
CVE
CVE
added 2026/03/30 7:42 p.m.19 views

CVE-2026-31799

CVE-2026-31799 affects Tautulli (Python-based Plex monitor) where the /api/v2?cmd=get_home_stats endpoint passes query parameters (section_id, user_id, before, after) directly into SQL via Python %-string formatting without parameterization, from versions 2.14.2–2.16.x (before 2.17.0) for certain...

4.9CVSS5.9AI score0.004EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.11 views

PT-2026-4585

The ThemeRuby Multi Authors – Assign Multiple Writers to Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' shortcode attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS5.8AI score0.0024EPSS
Exploits0References4
NVD
NVD
added 2025/10/04 3:15 a.m.7 views

CVE-2025-9030

The Majestic Before After Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelabel' and 'afterlabel' parameters in versions less than, or equal to, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS0.0018EPSS
Exploits0References2
CVE
CVE
added 2025/10/04 2:24 a.m.23 views

CVE-2025-9030

CVE-2025-9030 concerns the Majestic Before After Image WordPress plugin (versions

5.4CVSS4.9AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/04 12:0 a.m.6 views

PT-2025-40619

Name of the Vulnerable Software and Affected Versions Majestic Before After Image plugin for WordPress versions prior to 2.0.2 Description The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows authenticated attackers with...

5.4CVSS5.5AI score0.0018EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/04 12:0 a.m.5 views

WordPress plugin Majestic Before After Image 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.4CVSS5.7AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-22294

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2025/06/19 4:15 a.m.6 views

CVE-2025-4479

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget's before/after labels in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied...

5.4CVSS5.9AI score0.00209EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 7:52 a.m.6 views

CVE-2024-24931

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS.This issue affects Before After Image Slider WP: from n/a through 2.2...

6.5CVSS6.7AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:18 a.m.7 views

CVE-2022-4580

The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS5.9AI score0.00477EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/05/07 10:9 p.m.892 views

Exploit for Unrestricted Upload of File with Dangerous Type in Themefic Ultimate_Before_After_Image_Slider_\&_Gallery

Ultimate Before After Image Slider & Gallery – BEAF 1: lo: mt...

9.1CVSS9.5AI score0.00443EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/04 11:41 p.m.5 views

CVE-2024-22286

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aluka BA Plus – Before & After Image Slider FREE allows Reflected XSS.This issue affects BA Plus – Before & After Image Slider FREE: from n/a through 1.0.3...

7.1CVSS7AI score0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.3 views

WordPress Plugin Ultimate Before After Image Slider & Gallery 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin Ultimate Before After Image Slider &...

4.3CVSS6.5AI score0.00216EPSS
Exploits0References2
NVD
NVD
added 2024/02/12 6:15 a.m.22 views

CVE-2024-24931

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS.This issue affects Before After Image Slider WP: from n/a through 2.2...

6.5CVSS6.4AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2024/02/12 6:15 a.m.4 views

CVE-2024-24931

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS.This issue affects Before After Image Slider WP: from n/a through 2.2...

5.4CVSS7.3AI score0.0031EPSS
Exploits0References1
Prion
Prion
added 2024/02/12 6:15 a.m.15 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS.This issue affects Before After Image Slider WP: from n/a through 2.2...

4.9CVSS7AI score0.0031EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/12 5:52 a.m.40 views

CVE-2024-24931

CVE-2024-24931 concerns the Before After Image Slider WP plugin (versions through 2.2) with a Stored XSS due to improper neutralization of input during web page generation. Multiple sources (Wordfence, Red Hat advisory, CVE listing, PATCHSTACK) reiterate the same: vulnerable plugin/version, Store...

6.5CVSS6.7AI score0.0031EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/12 5:52 a.m.14 views

CVE-2024-24931 WordPress Before After Image Slider WP Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS.This issue affects Before After Image Slider WP: from n/a through 2.2...

6.5CVSS6.7AI score0.0031EPSS
Exploits0References1
Rows per page
Query Builder