Lucene search
+L

5 matches found

circl
circl
added 2025/05/15 6:57 a.m.25 views

CVE-2025-4126

creationtimestamp| type| source ---|---|--- 2025-05-15 06:57:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lp6wrhec7m2e 2025-08-07 09:00:05+00:00| published-proof-of-concept| Telegram/UOBHIdY3ySfeHEqRgDOMD1tfqOzhoPZZkrJdvo4b1cRAqk 2025-08-09 21:02:26+00:00| seen|...

6.4CVSS7.8AI score0.00241EPSS
Exploits1References3
cve
cve
added 2025/05/15 3:21 a.m.57 views

CVE-2025-4126

CVE-2025-4126 affects the WordPress EG-Series plugin (versions up to and including 2.1.1). Affected component is the shortcode_title handling in the [series] shortcode, where insufficient input sanitization and output escaping allows authenticated attackers (contributor level+) on sites with Clas...

6.4CVSS5.8AI score0.00241EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/05/15 3:21 a.m.10 views

CVE-2025-4126 EG-Series <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's series shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes in the shortcodetitle function. This makes it possib...

6.4CVSS5.9AI score0.00241EPSS
Exploits1References2
cvelist
cvelist
added 2025/05/15 3:21 a.m.25 views

CVE-2025-4126 EG-Series <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's series shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes in the shortcodetitle function. This makes it possib...

6.4CVSS0.00241EPSS
Exploits1References2
patchstack
patchstack
added 2025/05/14 9:17 p.m.11 views

WordPress EG-Series plugin <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin EG-Series versions = 2.1.1...

6.4CVSS6.3AI score0.00241EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder