Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:49 a.m.6 views

CVE-2025-23858

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS.This issue affects Custom Users Order: from n/a through = 4.2...

7.1CVSS5.9AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-2814

Malicious code in bioql PyPI...

7.6CVSS8.7AI score0.00574EPSS
Exploits0References1
NVD
NVD
added 2025/04/17 4:15 p.m.9 views

CVE-2025-23858

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS.This issue affects Custom Users Order: from n/a through = 4.2...

7.1CVSS0.00257EPSS
Exploits0References1
CVE
CVE
added 2025/04/17 3:48 p.m.49 views

CVE-2025-23858

CVE-2025-23858 concerns the WordPress plugin Custom Users Order (versions n/a through 4.2). Multiple sources describe an improper neutralization of input during web page generation that enables Reflected XSS. The affected component is the plugin’s input handling/output rendering, with the root ca...

7.1CVSS5.9AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/17 3:48 p.m.17 views

CVE-2025-23858 WordPress Custom Users Order Plugin <= 4.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS.This issue affects Custom Users Order: from n/a through = 4.2...

7.1CVSS0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/11 5:43 p.m.13 views

CVE-2025-32645

Cross-Site Request Forgery CSRF vulnerability in Hiren Patel Custom Posts Order custom-posts-order allows Stored XSS.This issue affects Custom Posts Order: from n/a through = 4.4...

7.1CVSS7.2AI score0.00163EPSS
Exploits0References1
NVD
NVD
added 2025/04/09 5:15 p.m.25 views

CVE-2025-32645

Cross-Site Request Forgery CSRF vulnerability in Hiren Patel Custom Posts Order custom-posts-order allows Stored XSS.This issue affects Custom Posts Order: from n/a through = 4.4...

7.1CVSS0.00163EPSS
Exploits0References1
CVE
CVE
added 2025/04/09 4:9 p.m.51 views

CVE-2025-32645

CVE-2025-32645 : Affects WordPress plugin Custom Posts Order . Described as a CSRF to Stored Cross‑Site Scripting vulnerability with impact described as stored XSS. Affected versions: up to 4.4 (from the vulnerability entry). The provided documents do not include exploitation details, affected co...

7.1CVSS7.2AI score0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.10 views

PT-2025-15812 · Unknown · Hiren Patel Custom Posts Order

Name of the Vulnerable Software and Affected Versions: Hiren Patel Custom Posts Order versions through 4.4 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. Recommendations: For versions through 4.4, update to a version that includes a fix for this...

7.1CVSS7.5AI score0.00163EPSS
Exploits0References3
NVD
NVD
added 2025/01/07 4:15 p.m.6 views

CVE-2025-22536

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiren.sabd WP Music Player wp-music-player allows SQL Injection.This issue affects WP Music Player: from n/a through = 1.3...

7.6CVSS0.00574EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/07 2:57 p.m.6 views

CVE-2025-22536 WordPress WP Music Player Plugin <= 1.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hiren Patel WP Music Player allows SQL Injection.This issue affects WP Music Player: from n/a through 1.3...

7.6CVSS7.7AI score0.00574EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/07 2:57 p.m.19 views

CVE-2025-22536 WordPress WP Music Player Plugin <= 1.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiren.sabd WP Music Player wp-music-player allows SQL Injection.This issue affects WP Music Player: from n/a through = 1.3...

7.6CVSS0.00574EPSS
Exploits0References1
Rows per page
Query Builder