Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

39 matches found

RedhatCVE
RedhatCVEadded 2026/01/09 12:40 p.m.9 views

CVE-2023-43982

Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery SSRF via the url parameter at instaparser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call...

9.8CVSS7.3AI score0.00565EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/09 9:32 a.m.8 views

CVE-2023-25784

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Bon Plan Gratos Sticky Ad Bar plugin = 1.3.1 versions...

5.9CVSS5.6AI score0.00369EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/11/12 10:25 p.m.3 views

Malicious code in odasv-kiuu-bon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5308483778ceb44dac8400be455f0bb940251f5b0b5ad8a2282f401f86c0c53e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2014-6896

Malware in sbrugna...

5.4CVSS6.4AI score0.00266EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-48341

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00565EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2025-14954

Malicious code in bioql PyPI...

6.4CVSS7.2AI score0.00198EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2023-29681

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/17 4:15 a.m.14 views

CVE-2025-4589

The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bt-map' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00198EPSS
Exploits0References1
NVD
NVDadded 2025/05/15 4:16 a.m.13 views

CVE-2025-4589

The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bt-map' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00198EPSS
Exploits0References2
CVE
CVEadded 2025/05/15 3:21 a.m.42 views

CVE-2025-4589

The Bon Toolkit WordPress plugin (versions up to 1.3.2) is vulnerable to Stored Cross-Site Scripting via the bt-map shortcode due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (contributor level or higher) and can inject scripts that execute wh...

6.4CVSS5.8AI score0.00198EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/05/15 3:21 a.m.7 views

CVE-2025-4589 Bon Toolkit <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bt-map' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00198EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/05/15 3:21 a.m.19 views

CVE-2025-4589 Bon Toolkit <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bt-map' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00198EPSS
Exploits0References2
CNNVD
CNNVDadded 2025/05/15 12:0 a.m.3 views

WordPress plugin Bon Toolkit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6.6AI score0.00198EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/05/15 12:0 a.m.3 views

PT-2025-21259 · WordPress · Bon Toolkit

Name of the Vulnerable Software and Affected Versions: The Bon Toolkit plugin for WordPress versions up to, and including, 1.3.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'bt-map' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS6.2AI score0.00198EPSS
Exploits0References7
Patchstack
Patchstackadded 2025/05/14 9:21 p.m.8 views

WordPress Bon Toolkit plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Chuck in WordPress Plugin Bon Toolkit versions = 1.3.2...

6.4CVSS6.3AI score0.00198EPSS
Exploits0References1Affected Software1
Openbugbounty
Openbugbountyadded 2024/03/05 1:40 p.m.7 views

bon-wei.it Cross Site Scripting vulnerability OBB-3865264

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
NVD
NVDadded 2023/11/03 5:15 a.m.12 views

CVE-2023-43982

Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery SSRF via the url parameter at instaparser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call...

9.8CVSS9.5AI score0.00565EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2023/11/03 12:0 a.m.13 views

CVE-2023-43982

Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery SSRF via the url parameter at instaparser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call...

7.5AI score0.00565EPSS
Exploits0References1
CVE
CVEadded 2023/11/03 12:0 a.m.34 views

CVE-2023-43982

CVE-2023-43982 affects Bon Presta boninstagramcarousel versions 5.2.1–7.0.0. A server-side request forgery (SSRF) vulnerability exists in the url parameter of insta_parser.php, allowing an attacker to use the vulnerable site as a proxy to reach other targets or exfiltrate data via HTTP requests. ...

9.8CVSS9.3AI score0.00565EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2023/11/02 12:0 a.m.4 views

PT-2023-29057 · Bon Presta · Boninstagramcarousel

Name of the Vulnerable Software and Affected Versions: Bon Presta boninstagramcarousel versions 5.2.1 through 7.0.0 Description: A Server-Side Request Forgery SSRF issue was discovered, allowing attackers to use the vulnerable website as a proxy to attack other websites or exfiltrate data via an...

9.8CVSS9.2AI score0.00565EPSS
Exploits0References3
Rows per page
Query Builder