Lucene search
+L

107 matches found

CVE
CVE
added 2025/04/26 12:0 a.m.67 views

CVE-2025-46656

CVE-2025-46656 affects python-markdownify (markdownify) prior to 0.14.1. The flaw allows oversized heading prefixes (e.g., ) which can trigger excessive memory consumption when processing HTML to Markdown. Impact is Low (availability impact listed as Low in CVSS data; local attack vector with low...

3.3CVSS6.8AI score0.00192EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/04/26 12:0 a.m.6 views

CVE-2025-46656

python-markdownify aka markdownify before 0.14.1 allows large headline prefixes such as in addition to through . This causes memory consumption...

2.9CVSS6.8AI score0.00192EPSS
Exploits1References4
Patchstack
Patchstack
added 2025/02/21 9:57 p.m.5 views

WordPress Rife Elementor Extensions & Templates plugin <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Writing Effect Headline Shortcode vulnerability discovered by zer0gh0st in WordPress Plugin Rife Elementor Extensions & Templates versions = 1.2.5...

6.4CVSS5.8AI score0.00278EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/01/02 12:15 p.m.6 views

CVE-2023-46195

Missing Authorization vulnerability in CoSchedule Headline Analyzer headline-analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headline Analyzer: from n/a through = 1.3.1...

6.5CVSS0.0031EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/02 12:0 p.m.7 views

CVE-2023-46195 WordPress Headline Analyzer plugin <= 1.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in CoSchedule Headline Analyzer headline-analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headline Analyzer: from n/a through = 1.3.1...

6.5CVSS7.3AI score0.0031EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.6 views

PT-2025-1506 · Coschedule · Coschedule Headline Analyzer

Name of the Vulnerable Software and Affected Versions: CoSchedule Headline Analyzer versions n/a through 1.3.1 Description: The issue is related to a Missing Authorization vulnerability in CoSchedule Headline Analyzer, which allows exploiting incorrectly configured access control security levels...

6.5CVSS9.4AI score0.0031EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/02 12:0 a.m.3 views

WordPress plugin Headline Analyzer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in th...

6.5CVSS8.5AI score0.0031EPSS
Exploits0References1
NVD
NVD
added 2024/09/12 6:15 a.m.20 views

CVE-2024-7860

The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS0.00177EPSS
Exploits1References1
OSV
OSV
added 2024/09/12 6:15 a.m.3 views

CVE-2024-7860

The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.00177EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.4 views

PT-2024-38637 · WordPress · Simple Headline Rotator

Name of the Vulnerable Software and Affected Versions: The Simple Headline Rotator WordPress plugin version 1.0 Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add Store...

6.1CVSS5.7AI score0.00177EPSS
Exploits1References7
Patchstack
Patchstack
added 2024/08/27 1:41 a.m.6 views

WordPress Simple Headline Rotator plugin <= 1.0 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Simple Headline Rotator versions = 1.0...

6.1CVSS6AI score0.00177EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/08/27 12:0 a.m.10 views

WordPress Simple Headline Rotator Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Simple Headline Rotator Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7860 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 30c399c6a90f Credits Daniel Ruf...

6.1CVSS6.7AI score0.00177EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/07/02 8:15 a.m.6 views

CVE-2024-5504

The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute within the plugin's Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user...

5.4CVSS6AI score0.00349EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/07/02 7:37 a.m.10 views

CVE-2024-5504 Rife Elementor Extensions & Templates <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget

The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute within the plugin's Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user...

6.4CVSS5.8AI score0.00349EPSS
Exploits0References4
CVE
CVE
added 2024/07/02 7:37 a.m.50 views

CVE-2024-5504

CVE-2024-5504 affects the Rife Elementor Extensions & Templates plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting flaw in the Writing Effect Headline widget via the tag attribute, exploited by authenticated attackers with contributor-level access and above, due to insuffici...

6.4CVSS5.5AI score0.00349EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2024/07/02 2:3 a.m.4 views

WordPress Rife Elementor Extensions & Templates plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Writing Effect Headline Widget vulnerability discovered by wesley wcraft in WordPress Plugin Rife Elementor Extensions & Templates versions = 1.2.1...

6.4CVSS5.8AI score0.00349EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/07/02 12:0 a.m.5 views

WordPress plugin Rife Elementor Extensions & Templates Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6.1AI score0.00349EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/02 12:0 a.m.5 views

PT-2024-36463 · WordPress · Rife Elementor Extensions & Templates

Name of the Vulnerable Software and Affected Versions: Rife Elementor Extensions & Templates plugin for WordPress versions up to, and including, 1.2.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the tag attribute...

6.4CVSS7.2AI score0.00349EPSS
Exploits0References7
NVD
NVD
added 2024/04/24 3:15 p.m.18 views

CVE-2024-32806

Cross-Site Request Forgery CSRF vulnerability in CoSchedule Headline Analyzer.This issue affects Headline Analyzer: from n/a through 1.3.3...

4.3CVSS4.6AI score0.002EPSS
Exploits0References1
CVE
CVE
added 2024/04/24 2:52 p.m.58 views

CVE-2024-32806

Technical details for CVE-2024-32806 are not publicly available in the provided documents. Monitor for updates.

4.3CVSS5.1AI score0.002EPSS
Exploits0References1
Rows per page
Query Builder