Lucene search
K

29 matches found

RedhatCVE
RedhatCVE
added 2026/04/13 7:25 p.m.7 views

CVE-2026-39683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...

5.9CVSS5.8AI score0.00172EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.4 views

EUVD-2026-20369

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...

5.9AI score0.00172EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.8 views

CVE-2026-39683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...

5.9CVSS0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.20 views

CVE-2026-39683 WordPress Garden Gnome Package plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...

5.9CVSS0.00172EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39683 WordPress Garden Gnome Package plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...

5.8AI score0.00172EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...

5.9AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 8:30 a.m.8 views

CVE-2026-39683

CVE-2026-39683 affects the WordPress Garden Gnome Package plugin (garden-gnome-package) up to version 2.4.1. The issue is a DOM-based XSS caused by improper neutralization of input during web page generation. Affected component is the garden-gnome-package, with the root cause described as cross-s...

5.9CVSS5.9AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

WordPress plugin Garden Gnome Package 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.9CVSS5.6AI score0.00172EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.7 views

PT-2026-31245

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...

5.9AI score0.00172EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-49330

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00387EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-51155

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00803EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:39 a.m.8 views

CVE-2023-5664

The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.8AI score0.00557EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:23 a.m.5 views

CVE-2024-12854

The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated...

8.8CVSS7.8AI score0.00803EPSS
Exploits0References1
CVE
CVE
added 2025/01/08 9:18 a.m.48 views

CVE-2024-12854

CVE-2024-12854 concerns Garden Gnome Package (WordPress) where all versions up to 2.3.0 are vulnerable due to missing file type validation when extracting uploaded ggpkgs. This enables an attacker with Author+ privileges to upload arbitrary files to the server, with potential remote code executio...

8.8CVSS9.1AI score0.00803EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/08 9:18 a.m.9 views

CVE-2024-12854 Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload

The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated...

8.8CVSS7.8AI score0.00803EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/08 9:18 a.m.170 views

CVE-2024-12854 Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload

The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated...

8.8CVSS0.00803EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/08 12:0 a.m.4 views

WordPress plugin Garden Gnome Package 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

8.8CVSS8.5AI score0.00803EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/01/07 11:22 p.m.4 views

WordPress Garden Gnome Package plugin <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by Lucio Sá in WordPress Plugin Garden Gnome Package versions = 2.3.0...

8.8CVSS7AI score0.00803EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/09/24 2:15 a.m.2 views

CVE-2024-8657

The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00387EPSS
Exploits0References3
CVE
CVE
added 2024/09/24 1:56 a.m.49 views

CVE-2024-8657

The CVE-2024-8657 entry concerns the Garden Gnome Package plugin for WordPress (= 2.3.0 or apply vendor-provided patch; as a temporary measure, restrict access to the ggpkg shortcode to users below contributor level until patched.

6.4CVSS5.5AI score0.00387EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder