7 matches found

WPVulnDB
added 2024/05/31 12:0 a.m., 9 views

Widget Bundle <= 2.0.0 - Unauthenticated Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. PoC: On a site with the User Login/Registration widget active, have an unauthenticated user send...

AI score: 6 | EPSS: 0.00408
Exploits: 2
WPVulnDB
added 2024/05/31 12:0 a.m., 16 views

Widget Bundle <= 2.0.0 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: 1. Enable the "Text Form" widget...

AI score: 5.4 | EPSS: 0.00356
Exploits: 2
Vulnrichment
added 2024/03/13 3:27 p.m., 21 views

CVE-2024-1723

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00501
Exploits: 0 | References: 3
OpenVAS
added 2024/03/08 12:0 a.m., 17 views

Fedora: Security Advisory for maven-bundle-plugin (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS: 8.8 | AI score: 9.2 | EPSS: 0.02557
Exploits: 3 | References: 2
Fedora
added 2024/03/07 10:33 p.m., 24 views

[SECURITY] Fedora 40 Update: maven-bundle-plugin-5.1.9-5.fc40

Provides a maven plugin that supports creating an OSGi bundle from the contents of the compilation classpath along with its resources and dependencies. Plus a zillion other features...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.02557
Exploits: 3
Cvelist
added 2023/11/22 11:5 p.m., 23 views

CVE-2023-47821 WordPress Email Encoder Bundle Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jannis Thuemmig Email Encoder plugin <= 2.1.8 versions...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00416
Exploits: 1 | References: 1
Veracode
added 2020/03/04 1:30 a.m., 11 views

XML External Entity (XXE)

maven-bundle-plugin is vulnerable to XML external entity (XXE) attacks. External DTDs are not disabled by default, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server or read system files...

AI score: 2.8
Exploits: 0