Lucene search
+L

784 matches found

CVE
CVE
added 2025/12/13 7:21 a.m.24 views

CVE-2025-8779

CVE-2025-8779: All-in-One Addons for Elementor – WidgetKit (WordPress) is affected by a stored XSS in the Team and Countdown widgets due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires authenticated access at contributor level or higher, e...

6.4CVSS4.7AI score0.00189EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/13 7:21 a.m.30 views

CVE-2025-8779 All-in-One Addons for Elementor – WidgetKit <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00189EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/13 3:19 a.m.6 views

WordPress Enter Addons plugin <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown and Image Comparison Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Enter Addons versions = 2.2.7...

6.4CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/13 1:54 a.m.13 views

WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Team and Countdown Widgets vulnerability discovered by zer0gh0st in WordPress Plugin WidgetKit versions = 2.5.6...

6.4CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.8 views

WordPress plugin All-in-One Addons for Elementor – WidgetKit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6.1AI score0.00189EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.6 views

WordPress plugin Enter Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6AI score0.00189EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.10 views

PT-2025-51107

The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown and Image Comparison widgets in all versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00189EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.6 views

PT-2025-51093

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5AI score0.00189EPSS
Exploits0References3
HackRead
HackRead
added 2025/11/20 5:41 p.m.16 views

Everest Ransomware Says It Breached Brazilian Energy Giant Petrobras

Everest ransomware claims to have stolen over 180GB of seismic survey data from Petrobras, demanding contact through qTox with a countdown in place...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/12 3:47 a.m.11 views

CVE-2025-12665

The Ninja Countdown | Fastest Countdown Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ninjacountdownadminajax' AJAX endpoint in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with...

4.3CVSS5.2AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/12 3:46 a.m.19 views

CVE-2025-12668

The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpcountdowntimer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.1AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 6:30 a.m.6 views

EUVD-2025-60934

The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpcountdowntimer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00211EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/11 6:30 a.m.8 views

EUVD-2025-60939

The Ninja Countdown | Fastest Countdown Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ninjacountdownadminajax' AJAX endpoint in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with...

4.3CVSS4.8AI score0.00178EPSS
Exploits0References3
NVD
NVD
added 2025/11/11 4:15 a.m.6 views

CVE-2025-12665

The Ninja Countdown | Fastest Countdown Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ninjacountdownadminajax' AJAX endpoint in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with...

4.3CVSS0.00178EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.4 views

CVE-2025-12668 WP Count Down Timer <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpcountdowntimer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS4.8AI score0.00211EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.12 views

CVE-2025-12668 WP Count Down Timer <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpcountdowntimer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00211EPSS
Exploits0References3
CVE
CVE
added 2025/11/11 3:30 a.m.20 views

CVE-2025-12668

CVE-2025-12668 affects the WordPress plugin WP Count Down Timer for WordPress, specifically versions up to and including 1.0.1. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) exploitable through multiple parameters of the shortcode wp_countdown_timer, caused by insufficient input...

6.4CVSS4.8AI score0.00211EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.8 views

CVE-2025-12665 Ninja Countdown <= 1.5.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Countdown Deletion

The Ninja Countdown | Fastest Countdown Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ninjacountdownadminajax' AJAX endpoint in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with...

4.3CVSS0.00178EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.2 views

CVE-2025-12665 Ninja Countdown <= 1.5.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Countdown Deletion

The Ninja Countdown | Fastest Countdown Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ninjacountdownadminajax' AJAX endpoint in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with...

4.3CVSS4.8AI score0.00178EPSS
Exploits0References2
CVE
CVE
added 2025/11/11 3:30 a.m.18 views

CVE-2025-12665

CVE-2025-12665 describes a vulnerability in the WordPress plugin “Ninja Countdown | Fastest Countdown Builder” (versions up to 1.5.0). The issue is a missing capability check on the ninja_countdown_admin_ajax endpoint, enabling authenticated attackers with Subscriber-level access or higher to del...

4.3CVSS4.9AI score0.00178EPSS
Exploits0References2
Rows per page
Query Builder