Lucene search
K

4 matches found

OSV
OSV
added 2025/02/21 12:15 p.m.3 views

CVE-2025-1489

The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's appbox shortcode in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

5.4CVSS7.4AI score0.00278EPSS
Exploits0References3
NVD
NVD
added 2025/02/21 12:15 p.m.13 views

CVE-2025-1489

The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's appbox shortcode in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS0.00278EPSS
Exploits0References3
CVE
CVE
added 2025/02/21 11:9 a.m.60 views

CVE-2025-1489

The WP-Appbox plugin for WordPress has a Stored Cross-Site Scripting (XSS) vulnerability in the appbox shortcode, affecting all versions up to 4.5.4 due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authentication (Contributor+), enablin...

6.4CVSS5.7AI score0.00278EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/21 11:9 a.m.11 views

CVE-2025-1489 WP-Appbox <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via appbox Shortcode

The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's appbox shortcode in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS5.8AI score0.00278EPSS
Exploits0References3
Rows per page
Query Builder