11 matches found

EUVD
added 2025/10/03 8:07 p.m. · 6 views

EUVD-2025-25074

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.4 · EPSS 0.00222
Exploits 0 · References 3

Positive Technologies
added 2025/08/12 12:00 a.m. · 4 views

PT-2025-32622 · WordPress · Simple Responsive Slider

Name of the Vulnerable Software and Affected Versions: Simple Responsive Slider versions prior to 2.0 Description: The Simple Responsive Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated...

CVSS 6.4 · AI score 6.2 · EPSS 0.00232
Exploits 0 · References 8

Cvelist
added 2024/12/03 5:33 a.m. · 39 views

CVE-2024-10484 Spectra – WordPress Gutenberg Blocks <= 2.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Widget

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · EPSS 0.00288
Exploits 0 · References 3

Cvelist
added 2024/09/26 9:29 a.m. · 18 views

CVE-2024-9127 Super Testimonials <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter

The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4 · EPSS 0.00324
Exploits 0 · References 4

CVE
added 2024/07/18 2:03 a.m. · 24 views

CVE-2024-5964

CVE-2024-5964 (Zenon Lite theme): WordPress Zenon Lite theme versions up to and including 1.9 are vulnerable to a stored XSS via the url parameter in the Button shortcode, caused by insufficient input sanitization and output escaping. Exploitation requires authentication at Contributor level or ...

CVSS 6.4 · AI score 6 · EPSS 0.00302
Exploits 0 · References 2

NVD
added 2024/06/28 7:15 a.m. · 8 views

CVE-2024-5788

The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVSS 6.4 · EPSS 0.00331
Exploits 0 · References 2

Vulnrichment
added 2024/06/15 5:45 a.m. · 18 views

CVE-2024-1399 Restaurant Menu and Food Ordering <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

CVSS 6.4 · AI score 5.8 · EPSS 0.00274
Exploits 0 · References 2

Cvelist
added 2024/05/02 4:52 p.m. · 29 views

CVE-2024-2328 Real Media Library <= 4.22.11 - Authenticated (Author+) Stored Cross-Site Scripting

The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 · AI score 5.8 · EPSS 0.00404
Exploits 0 · References 3

Cvelist
added 2023/12/19 1:58 a.m. · 46 views

CVE-2023-6488 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subutton', 'sumembers', and 'sutabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplie...

CVSS 5.4 · AI score 5.2 · EPSS 0.00473
Exploits 0 · References 3

Prion
added 2023/11/07 12:15 p.m. · 11 views

Cross site scripting

The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVSS 4.9 · AI score 5.9 · EPSS 0.00521
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/04/19 9:38 a.m. · 30 views

CVE-2023-2169 TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...

CVSS 5.5 · AI score 5.2 · EPSS 0.0049
Exploits 0 · References 3