CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

RedhatCVE•added 2025/11/12 3:46 a.m.•5 views

CVE-2025-11129

The Include Fussball.de Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api' and 'type' parameters in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5AI score0.00031EPSS

Exploits0References1

NVD•added 2025/11/11 4:15 a.m.•3 views

CVE-2025-11129

6.4CVSS0.00031EPSS

Exploits0References3

CVE•added 2025/11/11 3:30 a.m.•11 views

CVE-2025-11129

The WordPress plugin Include Fussball.de Widgets is vulnerable to Stored Cross‑Site Scripting via the api and type parameters in all versions up to 4.0.0. Exploitation requires Contributor‑level access or higher, and the XSS payload would execute when a user visits an injected page. CVE-2025-1112...

6.4CVSS4.7AI score0.00031EPSS

Exploits0References3

Vulnrichment•added 2025/11/11 3:30 a.m.•2 views

CVE-2025-11129 Include fussball.de Widgets <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'api' and 'type'

6.4CVSS4.7AI score0.00031EPSS

Exploits0References3

CNNVD•added 2025/11/11 12:0 a.m.•3 views

WordPress plugin Include Fussball.de Widgets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.9AI score0.00031EPSS

Exploits0References3

Positive Technologies•added 2025/11/11 12:0 a.m.•3 views

PT-2025-46243

Name of the Vulnerable Software and Affected Versions Include Fussball.de Widgets plugin for WordPress versions up to and including 4.0.0 Description The software contains a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping. Authenticated attackers with...

6.4CVSS5.4AI score0.00031EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-42568

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00193EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 10:39 a.m.•4 views

CVE-2024-47643

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alex Include Fussball.de Widgets include-fussball-de-widgets allows Stored XSS.This issue affects Include Fussball.de Widgets: from n/a through = 4.0.0...

6.5CVSS5.9AI score0.00193EPSS

Exploits0References1

NVD•added 2024/10/05 1:15 p.m.•12 views

CVE-2024-47643

6.5CVSS0.00193EPSS

Exploits0References1

CVE•added 2024/10/05 12:56 p.m.•39 views

CVE-2024-47643

CVE-2024-47643 affects WordPress plugin Include Fussball.de Widgets

6.5CVSS5.9AI score0.00193EPSS

Exploits0References1

Vulnrichment•added 2024/10/05 12:56 p.m.•12 views

CVE-2024-47643 WordPress Include Fussball.de Widgets plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability

6.5CVSS5.2AI score0.00193EPSS

Exploits0References1

Positive Technologies•added 2024/10/05 12:0 a.m.•1 views

PT-2024-32701 · Unknown · Fussball.De Widgets

Name of the Vulnerable Software and Affected Versions: Include Fussball.De Widgets versions through 4.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an attacker can...

6.5CVSS6.3AI score0.00193EPSS

Exploits0References5

Patchstack•added 2024/09/30 12:29 p.m.•3 views

WordPress Include Fussball.de Widgets plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Include Fussball.de Widgets versions = 4.0.0...

6.5CVSS6.1AI score0.00193EPSS

Exploits0Affected Software1

Patchstack•added 2024/09/30 12:0 a.m.•7 views

WordPress Include Fussball.de Widgets Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Include Fussball.de Widgets Type Plugin Vulnerable versions = 4.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47643 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e228304d4067 Credits stealthcopter Required...

6.5CVSS6.5AI score0.00193EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by