8 matches found

CVE
added 2026/02/25 9:26 a.m., 13 views

CVE-2026-2301

CVE-2026-2301 (Post Duplicator, WordPress): Wordfence and related sources confirm a protected post meta insertion vulnerability in Post Duplicator

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.0004
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/25 9:26 a.m., 3 views

CVE-2026-2301 Post Duplicator <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb->insert directly to the wp_postmeta table instead of WordPress's...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.0004
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-1955

Malware in sbrugna...

CVSS: 8 | AI score: 6.5 | EPSS: 0.00027
Exploits: 1 | References: 10

wpexploit
added 2024/01/10 12:0 a.m., 160 views

EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site Scripting

Description: The plugin does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Go to the EventON Lite settings an...

CVSS: 4.8 | AI score: 4.7 | EPSS: 0.00198
Exploits: 2

Veracode
added 2021/09/02 12:50 p.m., 16 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization on the custom metadata on assets...

CVSS: 8 | AI score: 1.7 | EPSS: 0.00027
Exploits: 1 | References: 5 | Affected Software: 1

GitHub Security Blog
added 2021/09/01 6:21 p.m., 32 views

Improper Encoding or Escaping of Output in Asset Metadata Component

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually...

CVSS: 8 | AI score: 5.3 | EPSS: 0.00027
Exploits: 1 | References: 8 | Affected Software: 1

OSV
added 2021/09/01 2:15 p.m., 14 views

CVE-2021-39170

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually...

CVSS: 5.4 | AI score: 5.3
Exploits: 0 | References: 4

Kitploit
added 2018/10/13 1:12 p.m., 131 views

Metadata-Attacker - A Tool To Generate Media Files With Malicious Metadata

With this small suite of open source pentesting tools you're able to create an image .jpg, audio .mp3 or video .mp4 file containing your custom metadata or a set of cross-site scripting vectors to test any webservice against possible XSS vulnerabilities when displaying unfiltered meta data...

AI score: 6
Exploits: 0 | References: 4