Lucene search
K

12 matches found

Veracode
Veracode
added 2025/12/13 6:44 a.m.6 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the /admin/config/site endpoint, which allows an attacker to inject malicious scripts via the datataxonomies parameter and execute them in users’ browsers...

6.8CVSS6AI score0.00182EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 1:23 a.m.8 views

Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`

Summary A Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/config/site endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the datataxonomies parameter. The injected payload is stored on the server and automatically...

6.8CVSS5.2AI score0.00182EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/12/01 10:15 p.m.11 views

CVE-2025-66308

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/config/site endpoint of the Grav application. This...

6.8CVSS0.00182EPSS
Exploits1References2
CVE
CVE
added 2025/12/01 10:0 p.m.19 views

CVE-2025-66308

Grav Admin Plugin stored-XSS CVE-2025-66308 affects the Grav admin UI via POST /admin/config/site, specifically data[taxonomies]. The vulnerability stores malicious input on the server which later executes in a user’s browser when configuring sites, creating a persistent attack vector. Root cause...

6.8CVSS4.7AI score0.00182EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.5 views

PT-2025-48567

Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.11.0-beta.1 Description The admin plugin for Grav, an HTML user interface for configuring Grav and managing pages, contains a Stored Cross-Site Scripting XSS issue. This allows attackers to inject malicious scripts int...

6.8CVSS4.9AI score0.00182EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/23 6:17 a.m.10 views

CVE-2024-50451

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter.This issue affects MDTF: from n/a through = 1.3.3.4...

6.5CVSS5.9AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 10:29 p.m.10 views

CVE-2024-8624

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'metakey' attribute of the 'mdfselecttitle' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...

9.9CVSS7.2AI score0.00482EPSS
Exploits0References1
CVE
CVE
added 2025/01/08 4:17 a.m.59 views

CVE-2024-12030

MDTF – Meta Data and Taxonomies Filter (WordPress) is vulnerable to SQL Injection via the key parameter in the mdf_value shortcode in all versions up to and including 1.3.3.5. The vulnerability requires authentication (Contributor level or higher) and can be leveraged to append additional SQL to ...

6.5CVSS6.5AI score0.00498EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2025/01/07 7:17 p.m.6 views

WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.5 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Thanh Nam Tran in WordPress Plugin MDTF versions = 1.3.3.5...

6.5CVSS8.1AI score0.00498EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/03/29 1:15 p.m.2 views

CVE-2024-30457

Cross-Site Request Forgery CSRF vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF.This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.1...

8.8CVSS5.8AI score0.00241EPSS
Exploits0References1
OSV
OSV
added 2024/03/27 10:15 a.m.4 views

CVE-2024-29932

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.2...

5.4CVSS5.8AI score0.00351EPSS
Exploits0References1
Patchstack
Patchstack
added 2021/07/08 12:0 a.m.22 views

WordPress MDTF - Meta Data & Taxonomies Filter premium plugin <= 2.2.7.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Ryoma Nishioka in WordPress MDTF - Meta Data & Taxonomies Filter premium plugin versions = 2.2.7.2. Solution Update the WordPress MDTF - Meta Data & Taxonomies Filter premium plugin to the latest available version at least 2.2.8...

8.8CVSS3.7AI score0.00849EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder