Lucene search
+L

108 matches found

Cvelist
Cvelist
added 2025/08/16 3:38 a.m.8 views

CVE-2025-7439 Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner button link

Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $anberitem'buttonlink''url'’ parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00199EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/16 3:38 a.m.4 views

CVE-2025-7440 Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Carousel button link

The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item'buttonlink''url' parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00242EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/16 3:38 a.m.10 views

CVE-2025-7440 Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Carousel button link

The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item'buttonlink''url' parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00242EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/15 8:25 a.m.4 views

CVE-2025-5844 Radius Blocks <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via subHeadingTagName Parameter

The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00238EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/08/15 8:25 a.m.11 views

CVE-2025-8905 Inpersttion For Theme <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call

The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the themesectionshortcode function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with...

6.3CVSS0.00354EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/03/25 7:5 p.m.7 views

WordPress Spectra plugin <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Spectra versions = 2.19.0...

6.4CVSS5.7AI score0.00273EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/27 11:37 p.m.5 views

WordPress Ultra Addons Lite for Elementor plugin <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure vulnerability

Authenticated Contributor+ Restricted Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultra Addons Lite for Elementor versions = 1.1.8...

4.3CVSS7AI score0.00302EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/18 11:6 p.m.16 views

WordPress UltraEmbed plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin UltraEmbed versions = 1.0.3...

6.4CVSS5.7AI score0.00318EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/11 10:7 p.m.6 views

WordPress NGG Smart Image Search plugin <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin NGG Smart Image Search versions = 3.2.1...

6.4CVSS5.7AI score0.00288EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/30 8:8 a.m.11 views

WordPress Tracking Code Manager plugin < 2.4.0 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Tracking Code Manager versions 2.4.0...

5.9CVSS6.3AI score0.00252EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/01/27 9:39 p.m.5 views

WordPress Ask Me Anything (Anonymously) plugin <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Ask Me Anything Anonymously versions = 1.6...

6.4CVSS5.7AI score0.00237EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/10 9:49 p.m.4 views

WordPress GatorMail SmartForms plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin GatorMail SmartForms versions = 1.1.0...

6.4CVSS5.7AI score0.00312EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/10 9:39 p.m.5 views

WordPress Accordion Slider Lite plugin <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by yudha in WordPress Plugin Accordion Slider Lite versions = 1.5.1...

6.4CVSS5.7AI score0.00331EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/07 7:17 p.m.8 views

WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.5 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Thanh Nam Tran in WordPress Plugin MDTF versions = 1.3.3.5...

6.5CVSS8.1AI score0.00506EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/07 10:5 a.m.6 views

WordPress Solar Wizard Lite plugin <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Solar Wizard Lite versions = 1.2.4...

6.4CVSS5.7AI score0.00264EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/07 7:53 a.m.4 views

WordPress Tabs Shortcode plugin <= 2.0.2 - Contributor+ XSS via Shortcode vulnerability

Contributor+ XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Tabs Shortcode versions = 2.0.2...

5.3CVSS6.3AI score0.00481EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/01/07 7:50 a.m.7 views

WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin < 3.2.22 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Robo Gallery versions 3.2.22...

2.7CVSS6.1AI score0.00523EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/01/02 6:53 a.m.5 views

WordPress Goodlayers Core plugin < 2.0.10 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Goodlayers Core versions 2.0.10...

5.9CVSS6.1AI score0.00311EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/12/19 9:27 p.m.4 views

WordPress Embed Twine plugin <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Embed Twine versions = 0.1.0...

6.4CVSS5.7AI score0.00276EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/12/19 9:21 p.m.4 views

WordPress Spoki – Chat Buttons and WooCommerce Notifications plugin <= 2.15.15 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Spoki versions = 2.15.15...

6.4CVSS5.7AI score0.00387EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder