Lucene search
+L

8 matches found

EUVD
EUVD
added 2026/07/10 7:48 a.m.9 views

EUVD-2026-42842

The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode...

6.4CVSS6.2AI score0.00243EPSS
Exploits0References8
CVE
CVE
added 2026/07/10 7:48 a.m.10 views

CVE-2026-3907

The CVE records CVE-2026-3907 for the WordPress Hostel plugin (versions

6.4CVSS6.2AI score0.00243EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/10 7:48 a.m.32 views

CVE-2026-3907 Hostel <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wphostel-book' Shortcode

The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode...

6.4CVSS0.00243EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/10 7:48 a.m.7 views

CVE-2026-3907

The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode...

6.4CVSS6.2AI score0.00243EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/12/13 3:2 a.m.5 views

CVE-2025-13886

The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'template' parameter in the book shortcode due to insufficient path sanitization. This makes it possible for authenticated attackers, with Contributor-level access and...

7.5CVSS7.1AI score0.00518EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 3:30 a.m.4 views

EUVD-2025-202937

The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'template' parameter in the book shortcode due to insufficient path sanitization. This makes it possible for authenticated attackers, with Contributor-level access and...

7.5CVSS6.6AI score0.00518EPSS
Exploits0References5
NVD
NVD
added 2025/12/12 3:15 a.m.7 views

CVE-2025-13886

The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'template' parameter in the book shortcode due to insufficient path sanitization. This makes it possible for authenticated attackers, with Contributor-level access and...

7.5CVSS0.00518EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.11 views

PT-2025-50801

The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'template' parameter in the book shortcode due to insufficient path sanitization. This makes it possible for authenticated attackers, with Contributor-level access and...

7.5CVSS7.1AI score0.00518EPSS
Exploits0References7
Rows per page
Query Builder