Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/02/28 7:47 a.m.14 views

CVE-2025-14040

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...

6.4CVSS6.1AI score0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/07 6:0 a.m.6 views

CVE-2025-15491

The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as with contributor or higher roles to perform LFI attacks...

5.4AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.6 views

PT-2025-50806

The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class name' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...

6.4CVSS5AI score0.00152EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/06 6:30 a.m.4 views

EUVD-2025-201519

The Extra Post Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the extra-images shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

6.4CVSS4.7AI score0.00201EPSS
Exploits0References5
NVD
NVD
added 2025/10/23 1:15 p.m.9 views

CVE-2025-8427

The Beaver Builder Plugin Starter Version plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 2.9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

6.4CVSS0.0016EPSS
Exploits0References2
OSV
OSV
added 2023/10/30 2:15 p.m.4 views

CVE-2023-5335

The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'buzzsprout' shortcode in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

5.4CVSS5.9AI score0.00508EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.8 views

PT-2022-16336 · WordPress · Lana Downloads Manager

Name of the Vulnerable Software and Affected Versions: Lana Downloads Manager WordPress plugin versions prior to 1.8.0 Description: The issue allows for an arbitrary file download, which can be exploited by users with Contributor permissions or higher. Recommendations: For versions prior to 1.8.0...

6.5CVSS6.5AI score0.00911EPSS
Exploits2References5
Rows per page
Query Builder