Lucene search
+L

95 matches found

Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.8 views

PT-2025-46259

Name of the Vulnerable Software and Affected Versions Precise Columns versions prior to 1.1 Description The Precise Columns plugin for WordPress is susceptible to Stored Cross-Site Scripting through the wrap id shortcode attribute. The plugin does not properly sanitize user input or escape output...

6.4CVSS5.2AI score0.00176EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/22 8:27 a.m.3 views

CVE-2025-11811 Simple Youtube Shortcode <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

6.4CVSS4.7AI score0.00216EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/22 8:27 a.m.10 views

CVE-2025-11811 Simple Youtube Shortcode <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

6.4CVSS0.00216EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/22 8:27 a.m.5 views

EUVD-2025-35323

The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

6.4CVSS4.6AI score0.00216EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/22 8:27 a.m.6 views

EUVD-2025-35322

The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00271EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-17755

Malware in sbrugna...

5.3CVSS7.3AI score0.01573EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2025/09/10 11:27 p.m.4 views

SUSE CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

7.3CVSS7.9AI score0.00368EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/08/07 5:31 a.m.4 views

libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

7.8CVSS6.3AI score0.00339EPSS
Exploits1References5
Veracode
Veracode
added 2025/06/12 7:3 a.m.6 views

LDAP Injection

Mattermost is vulnerable to LDAP Injection. The vulnerability is due to improper validation due to failure to sanitize LDAP group ID attributes in the /api/v4/ldap/groups/remoteid/link API when objectGUID is used as the Group ID Attribute...

4.1CVSS4.2AI score0.00236EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/06/11 12:30 p.m.26 views

Mattermost allows authenticated administrator to execute LDAP search filter injection

Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...

4.1CVSS7.4AI score0.00236EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2025/06/11 12:30 p.m.6 views

GHSA-4R67-4X4P-FPRG Mattermost allows authenticated administrator to execute LDAP search filter injection

Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...

4.1CVSS7.4AI score0.00236EPSS
Exploits0References8
CVE
CVE
added 2025/06/11 10:22 a.m.61 views

CVE-2025-4573

Mattermost LDAP issue (CVE-2025-4573): 10.5.x–10.7.x and 9.11.x up to 9.11.13 fail to validate LDAP group ID attributes. An authenticated administrator with PermissionSysconsoleWriteUserManagementGroups can trigger LDAP search filter injection via PUT /api/v4/ldap/groups/{remote_id}/link when obj...

4.1CVSS4.7AI score0.00236EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/06/05 5:48 a.m.5 views

BIT-JOOMLA-2024-40748 [20250102] - Core - XSS vector in the id attribute of menu lists

Lack of output escaping in the id attribute of menu lists...

7.5CVSS6.7AI score0.00411EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:37 a.m.10 views

CVE-2023-5048

The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ContactFormBuilder' shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This makes it possible for...

6.4CVSS6.1AI score0.00407EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.4 views

WordPress plugin Simple Signup Form SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

6.5CVSS9.3AI score0.00375EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/07 4:22 p.m.13 views

CVE-2024-40748 [20250102] - Core - XSS vector in the id attribute of menu lists

Lack of output escaping in the id attribute of menu lists...

6.9AI score0.00411EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.8 views

PT-2025-2598 · Joomla +2 · Joomla! +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a lack of output escaping in the id attribute of menu lists. This could potentially lead to issues where user input is not...

7.5CVSS5.9AI score0.00411EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.5 views

PT-2024-39393 · WordPress · The Curator.Io

Name of the Vulnerable Software and Affected Versions: The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress versions up to, and including, 1.9 Description: The issue is related to Stored Cross-Site Scripting via the feed id attribute due to insufficient input...

6.4CVSS5.8AI score0.00303EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/06/18 12:0 a.m.11 views

PT-2024-30637 · WordPress · The Master Slider

Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ms layer' shortcode due to insufficient input sanitizati...

6.4CVSS6.1AI score0.00322EPSS
Exploits0References6
OSV
OSV
added 2024/06/07 5:15 a.m.5 views

CVE-2024-5640

The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and...

5.4CVSS5.9AI score0.00321EPSS
Exploits0References4
Rows per page
Query Builder