591 matches found

Patchstack
added 2026/04/14 11:36 a.m., 7 views

WordPress Featured Post Creative plugin <= 1.5.7 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Featured Post Creative versions <= 1.5.7...

5.8 AI score
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/04/14 11:36 a.m., 6 views

WordPress WP Featured Content and Slider plugin <= 1.7.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WP Featured Content and Slider versions <= 1.7.6...

5.8 AI score
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2026/04/13 7:25 p.m., 6 views

CVE-2026-39693

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS. This issue affects FSM Custom Featured Image Caption: from n/a through <= 1.25.1...

5.9 CVSS, 5.8 AI score, 0.0014 EPSS
Exploits: 0, References: 1

EUVD
added 2026/04/08 9:31 a.m., 4 views

EUVD-2026-20389

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS. This issue affects FSM Custom Featured Image Caption: from n/a through <= 1.25.1...

5.9 AI score, 0.0014 EPSS
Exploits: 0, References: 2

NVD
added 2026/04/08 9:16 a.m., 5 views

CVE-2026-39693

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS. This issue affects FSM Custom Featured Image Caption: from n/a through <= 1.25.1...

5.9 CVSS, 0.0014 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/04/08 8:30 a.m., 25 views

CVE-2026-39693 WordPress FSM Custom Featured Image Caption plugin <= 1.25.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS. This issue affects FSM Custom Featured Image Caption: from n/a through <= 1.25.1...

5.9 CVSS, 0.0014 EPSS
Exploits: 0, References: 1

CVE
added 2026/04/08 8:30 a.m., 15 views

CVE-2026-39693

CVE-2026-39693 affects the WordPress plugin FSM Custom Featured Image Caption by fesomia, with a DOM-Based XSS due to improper neutralization of input during web page generation. Affected versions are up to and including 1.25.1. Red Hat/NVD/CVE records also confirm the issue and indicate the imp...

5.9 CVSS, 5.9 AI score, 0.0014 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/08 8:30 a.m., 3 views

CVE-2026-39693

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS. This issue affects FSM Custom Featured Image Caption: from n/a through <= 1.25.1...

5.9 AI score, 0.0014 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/04/08 8:30 a.m., 2 views

CVE-2026-39693 WordPress FSM Custom Featured Image Caption plugin <= 1.25.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS. This issue affects FSM Custom Featured Image Caption: from n/a through <= 1.25.1...

5.8 AI score, 0.0014 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/04/08 12:0 a.m., 5 views

PT-2026-31255

Name of the Vulnerable Software and Affected Versions: fesomia FSM Custom Featured Image Caption versions through 1.25.1. Description: A DOM-Based Cross-Site Scripting XSS issue exists in the fesomia FSM Custom Featured Image Caption plugin. This allows for improper neutralization of input during we...

5.8 AI score, 0.0014 EPSS
Exploits: 0, References: 4

Patchstack
added 2026/03/30 7:42 a.m., 9 views

WordPress Twentig plugin <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'featuredImageSizeWidth' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'featuredImageSizeWidth' vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Twentig Supercharged Block Editor versions <= 1.9.7...

6.4 CVSS, 5.9 AI score, 0.0016 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2026/03/29 2:16 a.m., 8 views

CVE-2026-2602

The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImageSizeWidth' parameter in versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4 CVSS, 0.0016 EPSS
Exploits: 0, References: 2

CVE
added 2026/03/29 1:24 a.m., 21 views

CVE-2026-2602

The CVE-2026-2602 entry concerns the Twentig WordPress plugin. A stored XSS flaw exists in the featuredImageSizeWidth parameter for versions up to 1.9.7 due to insufficient input sanitization and output escaping. Authenticated users with Contributor-level access or higher can inject arbitrary scr...

6.4 CVSS, 6 AI score, 0.0016 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/03/01 1:43 a.m., 9 views

CVE-2026-27759

Featured Image from Content featured-image-from-content WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations ...

5.3 CVSS, 5.9 AI score, 0.00234 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/02/27 10:17 p.m., 4 views

CVE-2026-27759 Featured Image from Content < 1.7 Authenticated SSRF via save_post

Featured Image from Content featured-image-from-content WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations ...

5.3 CVSS, 5.9 AI score, 0.00234 EPSS
Exploits: 0, References: 2

CVE
added 2026/02/27 10:17 p.m., 17 views

CVE-2026-27759

The CVE-2026-27759 entry concerns the WordPress plugin Featured Image from Content, version

5.3 CVSS, 5.9 AI score, 0.00234 EPSS
Exploits: 0, References: 2

Patchstack
added 2026/02/16 6:58 p.m., 6 views

WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery vulnerability

Authenticated Author+ Server-Side Request Forgery vulnerability discovered by Nex Team in WordPress Plugin Auto Featured Image Auto Post Thumbnail versions <= 4.1.7...

6.4 CVSS, 5.5 AI score, 0.0026 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2026/02/06 8:46 a.m., 3 views

BIT-MASTODON-2026-25540 Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent keys (Web Cache Poisoning via `Rails.cache`)

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...

6.5 CVSS, 5.4 AI score, 0.00394 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/02/06 1:25 a.m., 5 views

CVE-2026-25540

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...

6.5 CVSS, 5.4 AI score, 0.00394 EPSS
Exploits: 0, References: 1

EUVD
added 2026/02/04 9:42 p.m., 4 views

EUVD-2026-5329

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...

6.5 CVSS, 5.4 AI score, 0.00394 EPSS
Exploits: 0, References: 1