Lucene search
+L

4 matches found

nvd
nvd
added 2025/05/02 4:15 a.m.10 views

CVE-2025-3858

The Formality plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS0.00231EPSS
Exploits0References4
circl
circl
added 2025/05/02 4:15 a.m.10 views

CVE-2025-3858

creationtimestamp| type| source ---|---|--- 2025-05-02 04:15:41+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14428 2025-05-02 07:34:35+00:00| seen| https://t.me/cvedetector/24311 2025-05-02 08:00:41+00:00| seen|...

6.4CVSS8.7AI score0.00231EPSS
Exploits0References3
cve
cve
added 2025/05/02 3:21 a.m.64 views

CVE-2025-3858

CVE-2025-3858 affects the WordPress plugin Formality (versions up to 1.5.8). It is a Stored Cross‑Site Scripting (XSS) via the align parameter caused by insufficient input sanitization and output escaping. Exploitation requires Contributor+ authentication , and an attacker can inject scripts that...

6.4CVSS5.8AI score0.00231EPSS
Exploits0References4Affected Software1
patchstack
patchstack
added 2025/05/01 9:58 p.m.7 views

WordPress Formality plugin <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via align Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Formality versions = 1.5.8...

6.4CVSS6.8AI score0.00231EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder