Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.9 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS5.7AI score0.00211EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/27 9:14 a.m.12 views

WordPress NS Product icon badge plugin <= 1.2.4 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin NS Product icon badge versions = 1.2.4...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/27 7:16 a.m.17 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS0.00211EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.12 views

CVE-2026-8707 NS Product icon badge <= 1.2.4 - Reflected Cross-Site Scripting via PHP_SELF

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43504

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP SELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

6.1CVSS6AI score0.00211EPSS
Exploits0References7
Rows per page
Query Builder