Lucene search
K

591 matches found

EUVD
EUVD
added 2025/11/11 6:30 a.m.6 views

EUVD-2025-60943

The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...

6.4CVSS4.6AI score0.00199EPSS
Exploits0References4
OSV
OSV
added 2025/11/11 4:15 a.m.6 views

CVE-2025-12019

The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

5.5CVSS5.9AI score0.00428EPSS
Exploits1References6
NVD
NVD
added 2025/11/11 4:15 a.m.3 views

CVE-2025-12019

The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

5.5CVSS0.00428EPSS
Exploits1References7
NVD
NVD
added 2025/11/11 4:15 a.m.7 views

CVE-2025-11828

The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...

6.4CVSS0.00199EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.3 views

CVE-2025-12019 Featured Image <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS4.7AI score0.00428EPSS
Exploits1References7
CVE
CVE
added 2025/11/11 3:30 a.m.18 views

CVE-2025-12019

CVE-2025-12019 affects the WordPress Featured Image plugin (versions up to 2.1). It is a Stored XSS via image metadata, requiring an authenticated attacker with administrator+ privileges, and applies to multi-site setups or sites with unfiltered_html disabled. The Wordfence report confirms the vu...

5.5CVSS4.7AI score0.00428EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.16 views

CVE-2025-11828 Magazine Companion <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...

6.4CVSS0.00199EPSS
Exploits0References4
CVE
CVE
added 2025/11/11 3:30 a.m.20 views

CVE-2025-11828

The Magazine Companion WordPress plugin (bnm-blocks/featured-posts-1 headerHtmlTag) is vulnerable to Stored XSS in all versions up to and including 1.2.3 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enabling...

6.4CVSS4.7AI score0.00199EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.5 views

WordPress plugin Featured Image 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

5.5CVSS5.8AI score0.00428EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.11 views

PT-2025-46253

Name of the Vulnerable Software and Affected Versions The Magazine Companion plugin for WordPress versions through 1.2.3 Description The Magazine Companion plugin for WordPress is susceptible to Stored Cross-Site Scripting through the headerHtmlTag attribute within the bnm-blocks/featured-posts-1...

6.4CVSS5.2AI score0.00199EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/11/10 2:1 a.m.6 views

WordPress Quick Featured Images plugin <= 13.7.3 - Authenticated (Editor+) SQL Injection via delete_orphaned vulnerability

Authenticated Editor+ SQL Injection via deleteorphaned vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Quick Featured Images versions = 13.7.3...

4.9CVSS7.8AI score0.00301EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/09 9:56 a.m.13 views

CVE-2025-11980

The Quick Featured Images plugin for WordPress is vulnerable to SQL Injection via the 'deleteorphaned' function in all versions up to, and including, 13.7.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS6.5AI score0.00301EPSS
Exploits0References1
NVD
NVD
added 2025/11/08 10:15 a.m.6 views

CVE-2025-11980

The Quick Featured Images plugin for WordPress is vulnerable to SQL Injection via the 'deleteorphaned' function in all versions up to, and including, 13.7.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS0.00301EPSS
Exploits0References4
CVE
CVE
added 2025/11/08 9:28 a.m.15 views

CVE-2025-11980

CVE-2025-11980 affects the WordPress Quick Featured Images plugin prior to 13.7.4. The vulnerability is an SQL Injection in the delete_orphaned function due to insufficient escaping and unsafe SQL construction. Exploitation requires Editor+ privileges and user interaction (an author-level user mu...

4.9CVSS6.1AI score0.00301EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/08 12:0 a.m.3 views

PT-2025-45562

Name of the Vulnerable Software and Affected Versions Quick Featured Images plugin for WordPress versions prior to 13.7.4 Description The Quick Featured Images plugin for WordPress is susceptible to SQL Injection through the delete orphaned function. This is due to inadequate escaping of...

4.9CVSS7AI score0.00301EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/11/08 12:0 a.m.5 views

WordPress plugin Quick Featured Images SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A SQL injection...

4.9CVSS7.6AI score0.00301EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/08 12:0 a.m.6 views

PT-2025-45567

Name of the Vulnerable Software and Affected Versions Featured Image plugin for WordPress versions prior to 2.2 Description The Featured Image plugin for WordPress is susceptible to Stored Cross-Site Scripting through image metadata. Insufficient input sanitization and output escaping allows...

5.5CVSS5.2AI score0.00428EPSS
Exploits1References11
Cvelist
Cvelist
added 2025/11/01 6:40 a.m.11 views

CVE-2025-11499 Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfeaturedimagefromexternalurl function in all versions up to, and including, 1.1.32. This makes it possible f...

9.8CVSS0.00975EPSS
Exploits0References3
CNVD
CNVD
added 2025/10/31 12:0 a.m.4 views

WordPress Plugin Auto Featured Image Server-Side Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A server-side request forgery vulnerability exists in the WordPress plugin Auto Featured Image,...

7.7CVSS6.5AI score0.00042EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/29 7:32 a.m.6 views

CVE-2025-10145

The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the uploadtolibrary function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests ...

7.7CVSS5.7AI score0.00042EPSS
Exploits0References1
Rows per page
Query Builder