Lucene search
K

4 matches found

Patchstack
Patchstack
added 2025/08/04 9:52 p.m.6 views

WordPress Mmm Unity Loader plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via attributes Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via attributes Parameter vulnerability discovered by muhammad yudha in WordPress Plugin Mmm Unity Loader versions = 1.0...

6.4CVSS5.5AI score0.00218EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2025/08/02 1:36 p.m.10 views

CVE-2025-8399

creationtimestamp| type| source ---|---|--- 2025-08-02 13:36:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvgbur5y462a...

6.4CVSS4.8AI score0.00218EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/02 8:24 a.m.3 views

CVE-2025-8399 Mmm Unity Loader <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via attributes Parameter

The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS6AI score0.00218EPSS
Exploits0References3
CVE
CVE
added 2025/08/02 8:24 a.m.25 views

CVE-2025-8399

CVE-2025-8399 affects the WordPress plugin “MMM Unity Loader” up to version 1.0 and enables stored XSS via the attributes parameter. Exploitation requires authenticated access at Contributor level or higher, enabling script injection on pages visited by users. Various connected sources corroborat...

6.4CVSS5.5AI score0.00218EPSS
Exploits0References3
Rows per page
Query Builder