CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

EUVD•added 2026/05/12 12:32 p.m.•7 views

EUVD-2026-29443

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS6AI score0.0003EPSS

Exploits0References6

NVD•added 2026/05/12 10:16 a.m.•8 views

CVE-2026-6800

4.4CVSS0.0003EPSS

Exploits0References5

Cvelist•added 2026/05/12 9:29 a.m.•31 views

CVE-2026-6800 FastBots <= 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

4.4CVSS0.0003EPSS

Exploits0References5

CVE•added 2026/05/12 9:29 a.m.•7 views

CVE-2026-6800

The CVE-2026-6800 entry concerns the WordPress FastBots plugin (versions up to 1.0.12). The vulnerability is a Stored Cross-Site Scripting flaw in admin settings caused by insufficient input sanitization and output escaping. It affects multi-site installations and installs where unfiltered_html i...

4.4CVSS6AI score0.0003EPSS

Exploits0References5

ATTACKERKB•added 2026/05/12 9:29 a.m.•4 views

CVE-2026-6800

4.4CVSS6AI score0.0003EPSS

Exploits0References6

Vulnrichment•added 2026/05/12 9:29 a.m.•6 views

CVE-2026-6800 FastBots <= 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

4.4CVSS6AI score0.0003EPSS

Exploits0References5

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40001

4.4CVSS6AI score0.0003EPSS

Exploits0References6

CNNVD•added 2026/05/12 12:0 a.m.•5 views

WordPress plugin FastBots 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.4CVSS5.8AI score0.0003EPSS

Exploits0References1

Patchstack•added 2026/05/11 8:37 p.m.•6 views

WordPress FastBots plugin <= 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin FastBots versions = 1.0.12...

4.4CVSS5.8AI score0.0003EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-3043

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.00642EPSS

Exploits1References5

Veracode•added 2023/11/22 6:27 a.m.•8 views

Remote Code Execution

fastbots is vulnerable to Remote Code Execution. The vulnerability is due to improper validation in the locator function which allows an attacker to modify the locators.ini file within the page.py module. This issue can be exploited by an attacker to cause remote code execution...

9.8CVSS8.2AI score0.00642EPSS

Exploits1References5Affected Software1

NVD•added 2023/11/21 11:15 p.m.•11 views

CVE-2023-48699

fastbots is a library for fast bot and scraper development using selenium and the Page Object Model POM design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability ...

9.8CVSS0.00642EPSS

Exploits1References3

Prion•added 2023/11/21 11:15 p.m.•8 views

Code injection

7.5CVSS7.2AI score0.00642EPSS

Exploits1References3Affected Software1

OSV•added 2023/11/21 10:25 p.m.•11 views

CVE-2023-48699 fastbots Eval Injection vulnerability

8.4CVSS9AI score0.00642EPSS

Exploits1References5

CVE•added 2023/11/21 10:25 p.m.•37 views

CVE-2023-48699

Summary: CVE-2023-48699 corresponds to the fastbots vulnerability prior to 0.1.5 where the locators.ini file is loaded and evaluated without proper validation in page.py (def locator (self, locator_name: str)). This can allow an attacker to inject Python code and trigger remote code execution (RC...

9.8CVSS9.1AI score0.00642EPSS

Exploits1References3Affected Software1

Cvelist•added 2023/11/21 10:25 p.m.•11 views

CVE-2023-48699 fastbots Eval Injection vulnerability

8.4CVSS9.7AI score0.00642EPSS

Exploits1References3

OSV•added 2023/11/21 10:18 p.m.•19 views

GHSA-VCCG-F4GP-45X9 Eval Injection in fastbots

Impact An attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function def locatorself, locatorname: str in page.py. The vulnerable code that load and execute directly from the file...

8.4CVSS9.5AI score0.00642EPSS

Exploits1References5

Github Security Blog•added 2023/11/21 10:18 p.m.•19 views

Eval Injection in fastbots

9.8CVSS7.5AI score0.00642EPSS

Exploits1References5Affected Software1

CNNVD•added 2023/11/21 12:0 a.m.•0 views

fastbots security vulnerability

fastbots is a simple library for fast bot and crawler development using selenium and POM Page Object Model design. A security vulnerability exists in fastbots versions prior to 0.1.5, which stems from the incorrect neutralization of directives in the def locatorself, locatorname: str function in...

9.8CVSS7.2AI score0.00642EPSS

Exploits1References5

Positive Technologies•added 2023/11/21 12:0 a.m.•1 views

PT-2023-30907 · Fastbots · Fastbots

Name of the Vulnerable Software and Affected Versions: fastbots versions prior to 0.1.5 Description: The issue allows an attacker to modify the locators.ini locator file with Python code that, without proper validation, is executed and could lead to remote code execution RCE. The vulnerability is...

9.8CVSS9.5AI score0.00642EPSS

Exploits1References9

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by