
47 matches found

Nuclei
added 11 hours ago | 46 views

Z-Downloads < 1.11.7 - Cross-Site Scripting

The plugin does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript. id: CVE-2024-8673 info: name: Z-Downloads 1.11.7 - Cross-Site Scripting author: Splint3r7 severity: low description: | The plugin does not properly validate uploaded files...

9.1 CVSS | 5.9 AI score | 0.01631 EPSS
Exploits 1 | References 1
EUVD
added 2026/04/04 3:30 p.m. | 2 views

EUVD-2018-21748

MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators...

7.2 CVSS | 5.9 AI score | 0.00225 EPSS
Exploits 1 | References 4
CVE
added 2026/04/04 1:51 p.m. | 16 views

CVE-2018-25248

The CVE-2018-25248 entry concerns the MyBB Downloads Plugin 2.0.3, which is affected by a persistent cross-site scripting (XSS) vulnerability in the download title field. The issue allows regular members to submit a new download containing HTML/JavaScript code in the title parameter, which is exe...

7.2 CVSS | 5.9 AI score | 0.00225 EPSS
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2026/04/04 1:51 p.m. | 22 views

CVE-2018-25248 MyBB Downloads Plugin 2.0.3 Persistent XSS via downloads.php

MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators...

7.2 CVSS | 0.00225 EPSS
Exploits 1 | References 3
ATTACKERKB
added 2026/04/04 1:51 p.m. | 3 views

CVE-2018-25248

MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators...

7.2 CVSS | 5.9 AI score | 0.00225 EPSS
Exploits 1 | References 3 | Affected Software 1
Positive Technologies
added 2026/04/04 12:0 a.m. | 3 views

PT-2026-30368

MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators...

7.2 CVSS | 5.9 AI score | 0.00225 EPSS
Exploits 1 | References 4
NVD
added 2026/01/22 5:16 p.m. | 5 views

CVE-2025-68857

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection. This issue affects Paid Downloads: from n/a through = 3.15...

9.3 CVSS | 0.00283 EPSS
Exploits 0 | References 1
CNNVD
added 2026/01/22 12:0 a.m. | 6 views

WordPress plugin Paid Downloads has a SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

9.3 CVSS | 5.9 AI score | 0.00283 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/01/05 10:43 a.m. | 2 views

CVE-2025-68850 WordPress Sell Downloads plugin <= 1.1.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codepeople Sell Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sell Downloads: from n/a through 1.1.12...

7.5 CVSS | 6.6 AI score | 0.00237 EPSS
Exploits 0 | References 1
NVD
added 2025/12/31 7:15 a.m. | 4 views

CVE-2025-14783

The Easy Digital Downloads plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.6.2. This is due to insufficient validation on the redirect url supplied via the 'eddredirect' parameter. This makes it possible for unauthenticated attackers to redirect...

4.3 CVSS | 0.0031 EPSS
Exploits 1 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2014-4481

Malware in sbrugna...

4.3 CVSS | 6.4 AI score | 0.02046 EPSS
Exploits 1 | References 4
RedhatCVE
added 2025/05/22 1:14 a.m. | 11 views

CVE-2015-9348

The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs...

7.5 CVSS | 7.1 AI score | 0.01734 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/17 9:1 p.m. | 11 views

CVE-2024-8703

The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs...

6.1 CVSS | 6.3 AI score | 0.00276 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/17 9:0 p.m. | 7 views

CVE-2024-8673

The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript...

9.1 CVSS | 6.9 AI score | 0.01631 EPSS
Exploits 1 | References 1
NVD
added 2025/05/15 8:15 p.m. | 6 views

CVE-2024-8703

The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs...

6.1 CVSS | 0.00276 EPSS
Exploits 1 | References 1
NVD
added 2025/05/15 8:15 p.m. | 20 views

CVE-2024-8673

The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript...

9.1 CVSS | 0.01631 EPSS
Exploits 1 | References 1
OSV
added 2025/05/15 8:15 p.m. | 4 views

CVE-2024-8699

The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

7.2 CVSS | 5.9 AI score | 0.00572 EPSS
Exploits 1 | References 1
NVD
added 2025/05/15 8:15 p.m. | 4 views

CVE-2024-8031

The Secure Downloads WordPress plugin before 1.2.3 does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php...

6.5 CVSS | 0.00423 EPSS
Exploits 1 | References 1
Cvelist
added 2025/05/15 8:7 p.m. | 13 views

CVE-2024-8703 Z-Downloads < 1.11.6 - Unauthenticated Stored XSS

The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs...

0.00276 EPSS
Exploits 1 | References 1
CVE
added 2025/05/15 8:7 p.m. | 30 views

CVE-2024-8703

The CVE reports a stored Cross-Site Scripting vulnerability in the Z-Downloads WordPress plugin prior to version 1.11.6. The root cause is insufficient sanitisation/escaping of certain parameters when they are output on share URLs, enabling unauthenticated users to inject script code. Affected so...

6.1 CVSS | 6.3 AI score | 0.00276 EPSS
Exploits 1 | References 1 | Affected Software 1