Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2026/01/07 9:54 a.m.22 views

CVE-2025-1523

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.7AI score0.00239EPSS
Exploits1References1
patchstack
patchstack
added 2025/04/17 5:16 p.m.14 views

WordPress Ultimate Dashboard plugin < 3.8.6 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Ultimate Dashboard versions 3.8.6...

3.5CVSS7.6AI score0.00239EPSS
Exploits1References1Affected Software1
circl
circl
added 2025/04/17 6:48 a.m.27 views

CVE-2025-1523

creationtimestamp| type| source ---|---|--- 2025-04-17 06:48:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmyj7hk4ms2h 2025-04-17 06:57:16+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12196 2025-04-17 10:28:12+00:00| seen| https://t.me/cvedetector/23218...

3.5CVSS8.7AI score0.00239EPSS
Exploits1References3
cve
cve
added 2025/04/17 6:0 a.m.71 views

CVE-2025-1523

CVE-2025-1523 concerns The Ultimate Dashboard WordPress plugin prior to 3.8.6. The vulnerability is a stored XSS in plugin settings caused by insufficient sanitization/escaping, which could allow a high-privilege user (e.g., an admin) to inject script payloads. Exploitation details (e.g., exact v...

3.5CVSS5.4AI score0.00239EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder