Lucene search
K

10 matches found

NVD
NVD
added 4 days ago5 views

CVE-2026-12924

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS0.00206EPSS
Exploits0References8
CVE
CVE
added 4 days ago7 views

CVE-2026-12924

Eventin WordPress plugin (WP Event Solution) ≤ 4.1.15 is vulnerable to Stored Cross‑Site Scripting via the etn_faq_content parameter due to insufficient input sanitization and output escaping. Exploitation requires contributor‑level authentication or higher, enabling injection of scripts that exe...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42843

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-12924

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-12924 Eventin <= 4.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'etn_faq_content' Parameter

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS0.00206EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/09 3:25 a.m.3 views

CVE-2026-4336

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...

6.4CVSS6.1AI score0.00227EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/04/09 3:25 a.m.3 views

CVE-2026-4336 Ultimate FAQ Accordion Plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...

6.4CVSS6.1AI score0.00227EPSS
Exploits0References8
CVE
CVE
added 2026/04/09 3:25 a.m.21 views

CVE-2026-4336

CVE-2026-4336 affects the WordPress plugin Ultimate FAQ Accordion (≤ 2.4.7). The root cause is that html_entity_decode() is applied to post_content during rendering in View.FAQ.class.php (set_display_variables), which restores HTML entities, combined with insufficient output escaping in faq-answe...

6.4CVSS6.1AI score0.00227EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/09 3:25 a.m.32 views

CVE-2026-4336 Ultimate FAQ Accordion Plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...

6.4CVSS0.00227EPSS
Exploits0References8
OSV
OSV
added 2020/03/10 1:15 p.m.6 views

CVE-2019-10065

An issue was discovered in Open Ticket Request System OTRS 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753...

4.3CVSS5.7AI score0.0077EPSS
Exploits0References2
Rows per page
Query Builder